Password complexity matters.
Don't use passwords that are easy to remember.
Use a password manager to automatically create long-phrase or complex passwords like:
This minimizes your risk of dictionary attacks, even with long-phrase common words. The random and long nature is hard to crack.
@theprivacyfoundation One of the problems I often see is someone using a password manager but securing it with a password that's too simple. I always recommend that people use diceware to come up with a secure and memorable passphrase for locking their vault.
Then added 2FA to the sign in process for an extra layer.
If someone gets through all of that, they earned it haha.
Personally, I use substitutions such as (not necessarily including 😉) 3s for Es, 1s for Is, Qs for Ps, Us for Ns, etc. as well as the reverse in addition to challenge-response from my YubiKey. It's gotten to the point where I either enter them by muscle memory or I make 2-3 attempts before succeeding 😂
I like to make long ridicolous sentences but that I can remember.
That could be something that is more approachable and more managable for common people while making more people more secure.
Great advice. I use KeePassXC myself to create 40 character random passwords for all of my accounts.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!