When you sign up for Scratch, you will be asked to give the following information:

• A username (cannot be changed unless in cases of personal information and may only be 3–20 characters with Latin alphanumerics without diacritics, hyphens, and/or underscores. There were old accounts such as the two-character me because of a grandfather clause that didn't have a minimum username length in Scratch 1.x)
  
• A password (to confirm you typed it in correctly, this must be entered twice; also, Scratch has a blacklist of illegal passwords such as “password” or your exact username and must be six or more characters long. There are some grandfather clauses for old accounts who haven't had their passwords updated in a while, such as in the case of rad)
  
• A country (will be published. If you don't want to show users your real country, use Antarctica instead)
  
• A birth month and year (also cannot be changed, but is used to verify account ownership when contacting Scratch support)
  
• An optional gender (cannot be changed either)
  
• An email address (must be confirmed to share projects, studios, comments, and forum posts)
  
• reCAPTCHA input (only to confirm you're a human. Old YouTube tutorials on how to create your Scratch account didn't show the CAPTCHA) (thanks KLT123 for telling me about this in a bug report)
  

A good password should contain:

• At least eight characters
  
• Easy for you to remember, usually based on past experiences
  
• Hard for anyone else to guess
  
• A password that you've never used anywhere else (or a slight variation of it)
  
• Contain a combination of uppercase and lowercase letters, numbers, and symbols
  
• Doesn't contain dictionary words, common patterns, personal information (e.g. names of your pets), words related to the site or its history (e.g. “semicolon-glitch” isn't a good password)
  

This wikiHow article will teach you how to make a better password. Or, as the Scratch Wiki wrote:

The Scratch Wiki wrote:

A technique to make a strong password is to use eight or more random and unrelated English words strung together. For example: “phoneticketdigitalscissorslollipopfaithfulexecutivetwenty”. Please do not use this as a password now that it has been used as an example here. Although this at first may appear less secure, there are about 3,000 words that account for 95% of usage in English. The number of combinations for n common words is hence 3,000n. This means that for 8 words, there are about 7×1027 combinations. At a rate of 1×1010 guesses per second, an eight-word password could be attacked for more than twenty billion years (which will last only 6.3×1017 seconds) without being guessed. However, provided that the password is memorable, there should not be too much interference if letters, numbers, symbols or different capital letters are added.

There is a website dedicated to checking if any passwords you type in were previously found in a data breach; if they are, it's probably not very good to use them. Please note that the password you type in is not actually ever sent to the server at all. This article explains how the passwords actually get sent.

It's good practice to either use a password manager (e.g. LastPass or Dashlane) or change your password every 30 to 90 days if you don't want to use a password manager (the fewer, the better).

Now that you've created an account, in order to share projects, create studios, create forum posts, be invited to studios, and comment, you must confirm your email address. This is so, if you forget your password, you can visit the password reset page, enter your username or email address, wait for a link to get sent to your email, click on the link, and then change your password without you having to know your old password.
To confirm your email address, wait for an email from no-reply@scratch.mit.edu with the subject line “Confirm your Scratch account”
If the email doesn't arrive to your inbox in a few minutes or so, check your spam/junk (whatever you name it) folder. If it's still not there, go here and check that you typed the email address correctly. If you did, click the orange button called “Resend,” which is right next to the text “Can't find the confirmation email? Check your spam folder.” Otherwise, type your real email address (not the one with the typo). A new confirmation link will be sent to that email address and the old confirmation link will be invalidated. If you don't receive the email in your inbox in a few minutes, repeat the steps again.

Once you receive the email, click on the link. If the email looks weird to you, there is another link on the top. If you click on that link, this is how the email is supposed to be like; in other words, the link will show how the email appeared on the sender's end. Read the email and follow the instructions. Make sure the link starts with https://scratch-mit-edu.ezproxyberklee.flo.org by hovering over it on your computer and looking at the URL, as well as using an antivirus to check that you are not being DNS hijacked (Google Chrome is a good browser to replace the antivirus).

Now, how else can you keep your Scratch account safe?

Do not share your password with anyone, ever (except for your parent or legal guardian if you are a minor in your jurisdiction), even if they ask for it or promise not to use your account for harmful stuff. You were specifically told the first part of this sentence (in a paraphrased way) while you've signed up.

Do not give out the value of your scratchsessionid cookie either, even if they ask for it or promise not to use it for what's specified in the password situation above. This cookie contains a lot of metadata and meaning to Scratch's web servers as to what account and computer you are on in order to authenticate you. Even though the cookie expires after a certain amount of time, a hacker (a hacker is a person or bot who tries to pretend to be another person or bot to access a certain portion of a website or program, such as by getting the password correctly) can inject the cookie into their browser within the right amount of time (instructions to do so can vary from browser-to-browser), then change the account email and reset the password. The reason why you should never give out that cookie is because the steps below are the way your computer and Scratch's web server communicate with each other while loading a page when logged in.

1. Your computer sends a request to the centralized directory of web addresses and their associated servers. The request contains the full page URL and any cookies (including their metadata) that fit the criteria.
   
2. The centralized directory of web addresses stores the data received from your computer and looks in their own table to locate the server IP address of scratch.mit.edu, then sends the IP back to you.
   
3. Scratch's web server sends back the information to you once you request the IP your computer received from the web directory.
   

I wouldn't usually go into obvious ones such as not pasting random stuff that people told you to do in the console (except for the feature unshared projects trick, the how to feature project without thumbnail trick, or the longer-than-200-characters “What I'm working on” trick), especially because Scratch's console already specifically gives you a warning in 3.0-styled pages.

Shared accounts aren't normally allowed; please see this post for more information and exceptions.

You should remove the last bit saying to report it to be stickied. other than that it looks great. There are some stuff i reccomend removing such as the link to that password website. This could use some images, want me to get some for you?

The_Imagineer_ wrote:

You should remove the last bit saying to report it to be stickied. other than that it looks great. There are some stuff i reccomend removing such as the link to that password website. This could use some images, want me to get some for you?

I'll keep it like that for now, because other people have referred to it already. (Update: reworded that part)

It's good sometimes to have a sticky without images.

kChiaEC19 wrote:

The_Imagineer_ wrote:

You should remove the last bit saying to report it to be stickied. other than that it looks great. There are some stuff i reccomend removing such as the link to that password website. This could use some images, want me to get some for you?

I'll keep it like that for now, because other people have referred to it already.

It's good sometimes to have a sticky without images.

images for reference because its difficult to understand what your trying to say

The_Imagineer_ wrote:

46009361 wrote:

The_Imagineer_ wrote:

You should remove the last bit saying to report it to be stickied. other than that it looks great. There are some stuff i reccomend removing such as the link to that password website. This could use some images, want me to get some for you?

I'll keep it like that for now, because other people have referred to it already.

It's good sometimes to have a sticky without images.

images for reference because its difficult to understand what your trying to say

Yeah… I guess.

Update: The_Imagineer_ never gave me images since then.

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

SirFlimFlam wrote:

I feel this is too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Long-awaiting update: Fair point. But, there are a lot of people who can ask their parents about what anything means, and they can confer with [local] computer experts on anything kids don't understand.

kChiaEC19 wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Uh that has nothing to do with my opinion. Also, I have an older account, and I've made a lot of posts on there.

SirFlimFlam wrote:

46009361 wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Uh that has nothing to do with my opinion. Also, I have an older account, and I've made a lot of posts on there.

Oh, right. But I have over 500 posts. And now you have 67 posts.

Update: changed 100 to 500 on purpose

kChiaEC19 wrote:

SirFlimFlam wrote:

kChiaEC19 wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Uh that has nothing to do with my opinion. Also, I have an older account, and I've made a lot of posts on there.

Oh, right. But I have over 100 posts. And now you have 67 posts.

So what? That doesn't make you smarter than someone with fewer posts.

SirFlimFlam wrote:

kChiaEC19 wrote:

SirFlimFlam wrote:

kChiaEC19 wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Uh that has nothing to do with my opinion. Also, I have an older account, and I've made a lot of posts on there.

Oh, right. But I have over 100 posts. And now you have 67 posts.

So what? That doesn't make you smarter than someone with fewer posts.

i agree

SirFlimFlam wrote:

So what? That doesn't make you smarter than someone with fewer posts.

Nothing. I'll remind The_Imagineer_ to give me the images.

oops i didn't know sirflimflam's old account posted while I was writing this

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

Let's be honest… I agree it could use a bit of simplifying before getting stickied but it certainly helps.

(by the way, some password managers allow you to copy your passwords to your clipboard and then paste it. Others go a bit further and automatically clear the clipboard after a certain number of seconds)

Great guide, regardless.

ResExsention wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

Let's be honest… I agree it could use a bit of simplifying before getting stickied but it certainly helps.

(by the way, some password managers allow you to copy your passwords to your clipboard and then paste it. Others go a bit further and automatically clear the clipboard after a certain number of seconds)

Great guide, regardless.

I don't really use password managers, so I don't really comprehend what you are talking about above.

kChiaEC19 wrote:

SirFlimFlam wrote:

I feel like some parts are too in depth for someone new (especially since Scratch is designed for kids).

You're kind of wrong; you only have sixty-six posts.

Having lots of posts does not have to do with whether someone is right or not at all.

If a Scratchers posts hundreds of spam topics, and a different Scratcher posts less than 100 in-depth, helpful, thoughtful posts, does that mean the second person is wrong about whatever they say because they haven't posted as much? Absolutely not.

EIephant_Lover wrote:

Having lots of posts does not have to do with whether someone is right or not at all.

If a Scratchers posts hundreds of spam topics, and a different Scratcher posts less than 100 in-depth, helpful, thoughtful posts, does that mean the second person is wrong about whatever they say because they haven't posted as much? Absolutely not.

Sorry for that.

Awesome guide - this will be really helpful! Its definitely something users should keep in mind when having a Scratch account.

I've added a link to this topic in the stickied thread “More Helpful Topics for New Scratchers”. Thank you for making this!

joshuaho wrote:

Awesome guide - this will be really helpful! Its definitely something users should keep in mind when having a Scratch account.

I've added a link to this topic in the stickied thread “More Helpful Topics for New Scratchers”. Thank you for making this!

*It's

Anyway, thanks!

I got a 404 error when making this post.

I've added some minor changes to the initial post, as explained below:

1. Explaining a brief introduction inside the scratchsessionid cookie data before the details of how it gets sent and received from and to your computer
   
2. Mentioning about pasting stuff that people told you to into the console
   

Not really a bump.