Skip to content

Latest commit

 

History

History
24 lines (17 loc) · 2.05 KB

tips.md

File metadata and controls

24 lines (17 loc) · 2.05 KB
Raw

A good password contains:

  • At least 8 characters, but prefer 15 or more
  • No easy-to-guess phrases or common passwords (See https://github.com/danielmiessler/SecLists/tree/master/Passwords/Common-Credentials)
  • At least one each of a lowercase and uppercase letter, a number, and a special character
  • A sequence of characters with no observable pattern (example: things like a1b2c3d4 shouldn't be used over something like d.Y2/90a)
  • Some sort of meaning that you can use to remember it (i.e mbodHis12! = "my big old dog Harris is 12!")

A bad password contains:

  • Less than 8 characters
  • Common, easy-to-guess phrases
  • Sequences of repeated characters or obvious patterns
  • Little variety in the characters

Never, ever share your passwords. Ever. They are the single most important piece of security in almost everything online. A single person getting your password can cause it to be shared all over the internet, potentially leaking sensitive info.

If you can't think of a good password, hundreds of tools online can help you with that, or you can use the random password generator on here (Ctrl+R on the main window or on the entry adding/editing dialog).

Change your password often. Leaks occur often. Remember to occasionally check https://haveibeenpwned.com/ and enter your email to see if your password may have been leaked.

Do not use the same password for everything. At the very most, use a password on 2 different sites. If someone gets your password and you use the same one for everything, then your accounts will likely be compromised and sensitive info could be leaked.

Do not store your passwords in an easy-to-find location. Either use a password manager like this one, or store it in a place nobody can find. Never just try to "remember" them, either--your memory is volatile. A password manager is far better at remembering things than you ever will be.

No matter how securely a website or application stores its passwords, the strength of your password is always the weakest link. Check with online password strength checkers to verify your password is strong enough.