Password Security Guide

This guide distills practical steps to secure your accounts. Use our strong password generator to create high-entropy passwords and passphrases in your browser.

Core Principles

• Uniqueness: Every account gets a different password.
• Length: Prefer 14+ characters or 4–6 random words.
• Randomness: Use a generator; avoid patterns and phrases from memory.

Two-Factor Authentication (2FA)

Enable 2FA via authenticator apps (TOTP), security keys (FIDO2/WebAuthn), or hardware tokens. Avoid SMS when possible due to SIM-swap risks.

Password Managers

• Use a reputable manager to store and autofill.
• Protect your master password and consider adding a security key for vault unlock when supported.
• Audit entries periodically; rotate outdated or weak passwords.

Phishing Protection

• Verify domain names and SSL certificates before login.
• Avoid links in unsolicited emails or messages.
• Use a password manager—autofill often fails on fake sites, which is a red flag.

Breach Response

• Check if your email appears in breach databases (e.g., HIBP).
• Immediately change any compromised passwords and enable 2FA.
• Monitor for unusual account activity and revoke unknown sessions/devices.

Generate a Strong Password