Password complexity matters.

Don't use passwords that are easy to remember.


Use a password manager to automatically create long-phrase or complex passwords like:




This minimizes your risk of dictionary attacks, even with long-phrase common words. The random and long nature is hard to crack.

@theprivacyfoundation One of the problems I often see is someone using a password manager but securing it with a password that's too simple. I always recommend that people use diceware to come up with a secure and memorable passphrase for locking their vault.

Completely agree. Diceware is the best method. So make it strong and then find a manager you trust. I'd recommend KeePassXC.
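An added example, not part of the thread or written by any of its participants: a minimal diceware generator that parses a "roll key, word" list, draws rolls from the OS CSPRNG, and reports the resulting entropy. The 36-word, 2-dice list and all function names are constructed for illustration; a real diceware list uses 5 dice per word (7776 entries).

```python
import itertools
import math
import secrets

# Constructed 2-dice sample (36 words) in the "key<TAB>word" layout of diceware lists.
# Assumption for illustration only: swap in a full 5-dice list (6**5 = 7776 words).
_WORDS = ("acid bark cone dune echo fern glow hush iris jolt kelp lamp "
          "mint nest opal pine quay reed silk tusk urn vale wisp yarn "
          "zest apex brim clay dusk elm fawn gust haze inch jade knot").split()
SAMPLE_LIST = "\n".join(
    f"{a}{b}\t{w}" for (a, b), w in zip(itertools.product("123456", repeat=2), _WORDS)
)

def parse_wordlist(text):
    """Return (dice_per_word, {key: word}); reject incomplete or duplicated lists."""
    table = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split()
        if key in table or set(key) - set("123456"):
            raise ValueError(f"bad or duplicate key: {key!r}")
        table[key] = word
    if not table:
        raise ValueError("empty word list")
    dice = len(next(iter(table)))
    if (any(len(k) != dice for k in table) or len(table) != 6 ** dice
            or len(set(table.values())) != len(table)):
        # A short or repeated list silently lowers entropy, so fail loudly.
        raise ValueError("list must map every roll to one unique word")
    return dice, table

def roll(dice):
    """Simulate `dice` fair six-sided rolls using the OS CSPRNG."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))

def passphrase(text, n_words=6, sep=" "):
    dice, table = parse_wordlist(text)
    return sep.join(table[roll(dice)] for _ in range(n_words))

def entropy_bits(list_size, n_words):
    """Entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    print(passphrase(SAMPLE_LIST))
    print(f"{entropy_bits(36, 6):.1f} bits with this 36-word sample")
    print(f"{entropy_bits(7776, 6):.1f} bits with a full 5-dice list")
```

The entropy figure only holds if every word is kept exactly as rolled; re-rolling until the phrase "looks nice" reduces it.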

I use my password manager to generate my master password 😀

@amolith @theprivacyfoundation I went with using something no one could guess by knowing me. Adding characters and then checking it with a tool to let me know how long it would take to crack.

Then added 2FA to the sign in process for an extra layer.

If someone gets through all of that, they earned it haha.

@theprivacyfoundation @danarel
Personally, I use substitutions such as (not necessarily including 😉) 3s for Es, 1s for Is, Qs for Ps, Us for Ns, etc. as well as the reverse in addition to challenge-response from my YubiKey. It's gotten to the point where I either enter them by muscle memory or I make 2-3 attempts before succeeding 😂

Important toot!

I like to make long ridiculous sentences, but ones that I can remember.

That could be something that is more approachable and more manageable for common people while making more people more secure.


Great advice. I use KeePassXC myself to create 40 character random passwords for all of my accounts.

