Shop Etsy

Safety (and Privacy) First

Oct 9, 2012

by natalieschwartz handmade and vintage goods

When you first joined Etsy, you entrusted us with the responsibility to protect the personal information necessary to set up an account, make a purchase, or open a shop. In turn, we ensure that each new feature we launch on Etsy lives up to our high standards of security and Internet privacy. We are happy to share that today we’re launching three new optional security settings that offer Etsy members further control and visibility into their accounts. Additionally, as our platform has evolved in the last year, we’ve revisited our policies and are making several changes to our Privacy Policy. I’ll walk you through both below.

What are the new Security Settings?
Our Security Engineering Team explains the technical ins and outs of building these features in their post on the Etsy engineering blog, Code as Craft. For the rest of us, here’s a rundown of the new Security Settings and what it means to enable them.

Before I explain the specific factors, I wanted to point out that making these features optional is industry standard. We are confident as ever in our site’s security, but recognize that many of you may use multiple computers or share logins on your account. In these cases, we believe these features can help provide peace of mind, that it’s you and only you (or your business partner) signing into your account.

Two-Factor Authentication:
This sounds fancy, but is really quite simple. Rather than having just one password or way to access your account, you can choose to have two. Enabling two-factor authentication means that when signing into Etsy from a new browser, and every 30 days in the same browser, you will be asked to enter a second code after your password when signing in. This second code will be generated and sent to your phone via SMS or voice call at the time of sign in. This is an extra measure you can put in place if you’re frequently logging into your account. When you enroll you will also get some backup codes you can use if you don’t have your phone with you when asked for a code. Think of it as adding a deadbolt lock to your door where there’s currently a single lock.

Login History:
Picture this — you get home from work and realize you left your Etsy account open on your shared work computer. If you enable Login History, you can return to the Security Settings page to view the ten most recent logins to your Etsy account by location so you can go ahead and log out that session from work! This is a nice security measure to take, especially if you frequently sign in to Etsy from multiple or public computers.

Full Site SSL:
SSL (“Secure Sockets Layer”) is an industry standard way to protect transfer of information on the Internet. When you enable SSL, the messages, information and data that are communicated when you perform any action on Etsy pass through an additional layer of encryption to prevent interruption or access from anyone other than you or Etsy. As a signal of the security you will see “HTTPS” in your address bar rather than the standard “HTTP.” We currently have SSL enabled on all pages with sensitive information on Etsy, however we are now giving you the option to secure all information that passes between you and Etsy. More and more sites are adding full-site SSL, and we recommend turning this feature on if you frequently sign in to Etsy from locations with shared WiFi like coffee shops or airports. We are working to make the Etsy experience on SSL just the same as it is without, however you may experience slower load time or occasional difficulties viewing pages on the site.

What changed in the Privacy Policy?
In addition to offering new optional security features, we’re updating our site-wide Privacy Policy to account for Etsy’s growth and clarify the way we use information. You’ll be receiving an email from Etsy about these changes in the next week, and you can review the whole policy here. However, here are the three important points you should know:

  1. We’ll soon allow you to find (and be found by!) your Facebook friends on Etsy. If you would rather not be found by Facebook friends, you can opt out in your Etsy Account settings.
  2. We know communication is important to you — and so is choosing how you’d like to be contacted by Etsy. We recommend you take a minute to review and update your contact preferences.
  3. We’ve created a brand new page to explain how we use technology to gather important data to help us continually improve Etsy and provide a more personalized experience. Check out our new Cookies & Tracking Technologies page.

We hope this helped clarify our new Security Settings and Privacy Policy so that you can make smart decisions about how you’d like to protect your account and be contacted by Etsy. If you have questions about the new Security Settings, we welcome your discussion in this forum thread.