Account & Security

Safety and Privacy

This section covers the security and privacy features available to protect your OpenCommit account. These features are designed to safeguard your data, prevent unauthorized access, and give you control over your account.

We strongly recommend reviewing and enabling the available security options, especially if you maintain public projects or own an organization.

Security Features

OpenCommit provides several mechanisms to help secure your account:

  • Two-Factor Authentication (2FA)
    Add an additional layer of protection using TOTP apps or hardware security keys.

  • Hardware Security Keys (WebAuthn / FIDO2)
    Use phishing-resistant authentication methods such as YubiKey or platform authenticators.

  • Scratch Token
    Regain access to your account if you lose your primary authentication method.

Privacy Considerations

Your account settings allow you to control what information is visible to others, such as:

  • Profile visibility and public information
  • Email address exposure
  • Activity and contribution visibility

Be mindful of what you share publicly, especially in open source environments.

Best Practices

To maintain a secure account:

  • Enable two-factor authentication (required by OpenCommit)
  • Use a strong, unique password
  • Prefer hardware security keys where possible
  • Store your scratch token securely and offline
  • Regularly review your account activity
  • Avoid reusing credentials from other services

Responsibility

Account security is a shared responsibility. While OpenCommit provides secure defaults and modern authentication methods, users are responsible for maintaining the security of their credentials and devices.