1. Forum
  2. >
  3. Topic: Duolingo
  4. >
  5. Impersonating accounts & Comp…


Impersonating accounts & Compromised accounts?

Image source

.❀.As cute as bunnies are, I recommend against impersonating other people's accounts.❀.

The Community Guidelines are clear: it is prohibited. The people who make the choice to impersonate other people's accounts lose access to the forums. :(

I want to take this opportunity to remind people to verify your email accounts. Even if you know your email is real, you still need to verify it and soon.

For added security, use a different password for your email account than you use for your Duolingo account. Also, sign out of Duolingo whenever you leave your computer.
If someone gets into your account you are responsible for its activity.

If you suspect someone has gotten into your account
Sign Out of Duolingo and click "Forgot Password". See the Help Article. This will send a link to your verified email address and allow you to change your password. (If your account has a fake email address, you won't be able to get back into it unless you remember the password on your own. Clicking "forgot password" only works if you already have a real email account connected to your Duolingo account.)

(Image from Desktop version of Duolingo.)

Regarding the person who sought to impersonate me earlier today: If my account was ever compromised, I wouldn't use another account to create the post telling you about it. ;)

Instead, I would employ the backup plan that has been in place since people started impersonating me in 2014.

If my account were compromised:
1. It would be banned.
2. Staff would then look forward to contact from one of two pre-designated people I would call with a phone.
3. Staff and I would work together to reclaim my account and then staff would unban it.

(Yeah, I take this stuff seriously.)

If my account was unable to be reclaimed, a verified staff account (so, not me) would announce my adoption of a new account for moderating.

You can identify a verified staff account from an impersonated account by a combination of two things: 1. Staff accounts have a blue ring around their icon that makes the icon larger than general user icons and 2. When you hover the cursor/mouse over a staff's icon, the word "Admin" appears.

Currently, volunteer Mod, Contributor, Educator, and event Host accounts all have either a green or gold ring. You can differentiate what kind of volunteer they are by hovering over their icon. A person with a ring is not a moderator unless the word "moderator" appears.

I won't contact you as a moderator without a moderator account. You can identify a real moderator account by seeing their green or gold ring AND by the the "Moderator" that appears when you hover over the moderator's icon.

Go be cute your own way.

Image source

January 22, 2018



Really appreciate the measures you're taking Usagi.

It's sad that people on here impersonate in the first place, what with it being a place to study languages, not another social media outlet.

Hopefully this whole impersonation trend ends soon...


It really stinks that certain measures have to be taken for this kind of stuff. :( Thank goodness there are awesome people like you out there to take these measure. :)


Oooooooh the cute wittle wabbits!!


It’s good to know that the staff takes impersonation attempts seriously. Are there any tips or measures you recommend regular users to follow to protect their accounts against impersonation?


Don't join classrooms of persons you do not know AND trust in real life. Choose your password well and do not disclose it. Just the same stuff as you would do for any other account that you do not want to be used by someone else?


Hi Arachnje, just the ones I've listed in the OP. Though, I'll add more if they come to mind. :)


I have one more: log out after using DL on shared devices (library / school pc's...)


Ha! I beatcha to it. It was there when I posted it. :P (PS I miss working with you!)


Indeed. Seems as if I was too distracted by the pictures to notice it :D


Assuming I am completely logged out of everything and fall victim to a hacker... Why am I responsible for any damage s/he does? I understand I'm responsible for my account but if I do everything as I'm supposed to, why then do I become responsible for someone else's actions?


Hi Joat2B,

Unfortunately, people have abused the forums and community members with their accounts and then claimed it was somebody else. Sure, sometimes, someone does get into someone else's account somehow. We cannot tell if someone left their computer open, used a weak password etc. However, if people can always claim "someone got into my account", then they are free to abuse Duolingo and community members with that excuse. So, Duolingo had to make a decision: Accounts are responsible for the activity that comes out of them. There are very few exceptions, such as staff accounts and highly trusted moderators' accounts. If you are looking for someone to direct any upset about this to, I recommend the people who abused the explanation. At first, Duolingo would help people reclaim their accounts (direct them to the "forgot password" button so the person could reset their password, and things would settle down. But, for a stretch of time it became popular for people to lie about this in order to bully people and get away with it, to the extent that Duolingo had to draw the line. :(


That is indeed sad, but understandable. You can never know who can be trusted online. Though, it is unfortunate that an abiding user who has been hacked must suffer the consequences of other people's misbehavior.


I've been tricked by impersonating accounts, so I'm glad someone takes it seriously. Also, sorry that this happened to you. ^ ^


Thank you for sharing this, it's great to hear that impersonation is taken seriously! Hopefully, yours or anyone's account is never compromised.

Best of luck!


The original policy was a warning with a designated wait time for compliance. But, it looks like it was updated last year around March to just ban the accounts that are found to be impersonating.

To anyone reading this comment who might be wondering, if a person leaves a username, they give up rights to it and anyone can claim it. So, if you're attached to your username, don't change it even temporarily.


Impersonation is something that should definitely be taken seriously, as it can have a major, negative impact on the community. So, I'm glad that Duolingo has enforced this.


Thanks for this! This isn’t the first impersonation attempt, and I’m glad it’s being taken seriously!


Hi Neutrino,

Please don't post email addresses, whether or real or fake to the forums. Staff and very few mods are granted exceptions to that, but even then we almost never exercise that exception. Duolingo's forums are age diverse and we want to make sure that people are setting a good example of not sharing information that has been prohibited by the Guidelines.

If you're ever not sure if you have a real email connected with Duolingo, before signing out go into your settings and check the email you've listed.

If you don't know the password to your account and you haven't used a real email address with that account, there is no way to get back into it unless you remember the password.

I had to delete your message though because it has an email address in it. And while I used to be able to leave nested replies undeleted so you could have seen this, it now automatically deletes nested replies as well. :(


Then I'll simply give away that username, to whoever wants it.


I believe you may be over-reacting a bit... :(


It's not that, this is the second time he or she deletes any question I have for them while giving no solution whatsoever, and it's frustrating.


I have a related question about this. I originally signed up with my Google account and so I don't have a password with Duolingo.

I wanted to create a Duolingo password so I could sign in independently of Google, but when I go into my settings, there are two fields; one for the old password, and one for a new password -but no prompt for forgotten passwords.

I don't know what to do in this scenario. Any ideas?


I've answered a similar question recently here: https://www.duolingo.com/comment/25973578

It's been a while since I did that, but as far as I remember I "tried" to log in with my username and then hit "I forgot my password". I was sent an e-mail (to the Google mail account) and was able to choose a password on Duolingo.

Later I "cut" the bonds by not allowing Duolingo to get information from Google (to do in your Google account, not here).

I hope that makes sense; English is not my native language.


Strandfloh, Thank you!


You're welcome! I hope it'll do the trick.


Your English is great. I wouldn't have known it's not your native tongue had you not told me. Thanks for the info!


Hi aristobe,

The Help page article I forgot my password, how do I reset it? says:

>If you originally signed up with Google or Facebook, you will need to supply the email associated with your Facebook or Google account instead. If you signed up with an incorrect or fake email address, you will not be able to change your password.

I've never used a Google or Facebook account. Since it doesn't let you change it in your settings, I am currently assuming that if you log out, then provide the email address and password you use for that Google account, it will let you back in and (hopefully) see the settings the way I do, where I can change the email associated with the account.

If you try that, will you confirm whether my assumptions were correct?


Yikes! White knuckles... I will let you know what transpires 1) if I manage to get the nerve to logout 2) I get back in.

Thanks, Usagi!


Also, moderator rings have that bulge in the lower right, so if someone's icon is completely circular then we can tell it's not a mod account. ;)


Sorry you still have to deal with this kind of thing after all these years Usagi, but the only people who don't appreciate your work are the ones who don't deserve to be here. You have always been a big help to the functioning of Duolingo.


Hi again! I just wanted to let people know that some of your comments are getting deleted, not because they break the guidelines, but because they are nested under a comment that has. In the past, we could delete a parent comment and leave the nested comments if they didn't break the guidelines. However, now the whole thread deletes. I don't know if this is temporary or permanent. It's not something I have any control over.

If your comment broke the guidelines, you will receive a message from a moderator or member of staff. Be sure you've verified your email account. If you are using a fake email address, you won't get such messages. Being able to receive messages from moderators and staff is important. You might get messages that let you know not to do things. If you don't see the message and keep doing things, staff might ban your account. We can't tell whether or not you got the message. Soon, everyone will be required to verify their email address or they won't be able to comment, vote, make posts, etc. They will only be able to use the course. But, please don't wait until the last minute to verify your email.

Anyhow, I mainly just wanted to let people know who are missing legitimate comments why they are gone. Sorry about any stress or confusion it may have caused!


Thanks for the feedback folks! I've made a couple of edits and linked the Help article "I forgot my password, how do I reset it?" in the OP up top. :)


such cute rabbit


Are the bots still active? can there be an added non-bot feature?


who actually be doing this like grow up people yall know if yall do this in real life u will be serving time in prison for it

Learn a language in just 5 minutes a day. For free.