Password complexity matters.

Don't use passwords that are easy to remember.


Use a password manager to automatically create long-phrase or complex passwords like:




This minimizes your risk of dictionary attacks, even with long-phrase common words. The random and long nature is hard to crack.

@theprivacyfoundation One problem I've run into are sites (even those that manage sensitive info) that impose password rules that restrict complexity, e.g. no symbols, or low maximum character lengths.


@lrhodes Also consider adding a + to your email address if your username is an email.

Example: could be

You will still receive the email with this method.

@theprivacyfoundation @lrhodes I know this works for gmail, can you still do this with other email providers?

@jrhawley @lrhodes We use it regularly on other providers. Some may disallow it, but unsure as to whom. If you give it a try and it does not work, let us know :)

@theprivacyfoundation @lrhodes sadly there are still sites that think an e-mail address can't have a plus sign in the local-part, even though sub-addressing is part of the RFCs...

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!