Passwords and 2FA
Using strong passwords
- Use a password manager: your passwords (and other saved personal information) are stored encrypted on a server. When you need one, your computer retrieves it and decrypts it only at the moment you use it, so your passwords are never stored on your computer in plaintext (unencrypted).
- Password criteria: longer than 10 characters, contains numbers or symbols (@#$%, etc.).
- Do not use personal details like birthdays or the names of family members or pets.
- Use a different password for each service.
- Ideally, the password is randomly generated and greater than 10 characters long. Password managers will offer the ability to do this and save the new password.
2-Factor Authentication (2FA)
If someone gets access to your email, they can get into your other services (like your bank), because they can use your email to reset the passwords for sites you use.
So use 2FA, especially on any email provider or anything that controls money (banking, investment, Venmo, etc.).
- Multi-Factor Authentication Apps implement a security standard adopted by the Internet Engineering Task Force (IETF) called Time-based One-time Passwords. The following are open source options that can be used without internet connectivity:
- Hardware keys add a very strong layer of protection to your online accounts. Compared to authenticator apps, the FIDO2 security key protocol is immune to phishing, and cannot be compromised without physical possession of the key itself.