How to Protect Your Stitch Account
Practical steps to keep your Stitch account secure, and what to do if you suspect it was compromised.
Your account is the actual thing worth protecting
Most privacy settings inside Stitch control what other people can see. Account security is different — it is about making sure nobody except you can sign in at all. If your account is compromised, every privacy setting you have carefully configured stops mattering, because whoever has access to your account can see and do everything you can. This is worth treating as the foundational layer underneath everything else.
Use a strong, unique password
The single most effective thing you can do is use a password for Stitch that you do not reuse anywhere else. Password reuse is how most account takeovers actually happen — not by guessing your Stitch password directly, but by an unrelated site being breached and the same email-and-password combination being tried against other services, Stitch included. A password manager makes unique passwords practical without having to memorize each one.
Recognize phishing attempts
Nobody legitimate — not Stitch support, not a "verification" message, not an official-looking email — will ever need your password or a one-time verification code sent to your device. Any message asking you to "verify your account" by providing your password or a code, especially with urgent language, is a phishing attempt regardless of how convincing it looks.
If you are unsure whether a request is genuinely from Stitch, do not respond through the same channel — check official Stitch help pages directly, or contact support yourself rather than replying to the message you received.
Be careful with contact requests that move too fast
Account compromise attempts do not always target your Stitch login directly. Sometimes they aim at a different account entirely and use a compromised contact's Stitch account to reach you, since a message from a real contact is more convincing than a stranger's. If a contact's messages suddenly feel out of character — asking for money, codes, or account details — verify through a separate channel (a phone call, a different app) before responding.
Keep your recovery details current
Make sure the email address associated with your account is one you actually still use and control, since it is typically how you recover access if you ever need to. An out-of-date recovery email is one of the more common reasons people get permanently locked out of an account rather than being able to recover it.
Signing in on shared or public devices
If you ever sign in to Stitch on a device that is not fully your own — a shared family computer, a library or hotel computer, a friend's phone — treat it as temporary access, not a normal sign-in. Sign out explicitly when you are done rather than just closing the browser tab or app, since a session left open on a shared device is one of the more overlooked ways an account ends up accessible to someone it should not be. If you are not sure whether you remembered to sign out somewhere, changing your password is a reliable way to force every existing session to require the new one.
The role of Chat Lock alongside account security
Account security and Chat Lock solve different layers of the same underlying concern. Account security is about preventing anyone else from signing in as you at all; Chat Lock is about a narrower, everyday scenario — someone briefly picking up your already-unlocked phone. Neither substitutes for the other: a strong password does nothing if someone glances at your unlocked screen, and Chat Lock does nothing if someone has your actual account credentials. Treating them as complementary, rather than picking one, is the more complete approach.
If you suspect your account has been compromised
- Change your password immediately, and make sure the new one is not reused from any other site.
- Review your recent activity and contacts for anything you do not recognize.
- Warn your contacts if you believe messages were sent from your account without your knowledge, so they know not to trust anything unusual they may have already received.
- Contact Stitch support if you cannot regain control of the account yourself, or if you see signs of activity you cannot explain even after changing your password.
A short checklist
- Use a unique password, ideally through a password manager.
- Never share your password or a verification code with anyone, regardless of who they claim to be.
- Keep your recovery email current and accessible.
- Verify unusual requests from contacts through a separate channel before acting.
- Act immediately — change your password first — if you suspect anything is wrong.