Password complexity matters.

Don't use passwords that are easy to remember.

catcatcat23
dog82
Badger16

Use a password manager to automatically create long-phrase or complex passwords like:

catdogBadgerjumpThunderMonkeyTranscendGuitarRampant

or

91JkOunJ1%8na(10pNhHu1*5mn_rseTm

This minimizes your risk of dictionary attacks, even with long-phrase common words. The random and long nature is hard to crack.

@theprivacyfoundation One problem I've run into is sites (even those that manage sensitive info) that impose password rules that restrict complexity, e.g. no symbols, or low maximum character lengths.

@lrhodes Also consider adding a + to your email address if your username is an email.

Example: nancy@sample.com could be nancy+a9h@sample.com.

You will still receive the email with this method.

@theprivacyfoundation @lrhodes I know this works for gmail, can you still do this with other email providers?

@jrhawley @lrhodes We use it regularly on other providers. Some may disallow it, but unsure as to whom. If you give it a try and it does not work, let us know :)

@theprivacyfoundation @lrhodes sadly there are still sites that think an e-mail address can't have a plus sign in the local-part, even though sub-addressing is part of the RFCs...
