# How To Secure Passwords And Avoid Leaks

In our digital era, data production surges daily. Each person interacts with digital data around 4,900 times daily, roughly every 18 seconds. Phones, computers, watches, fridges, and cloud services store significant information across various aspects of our lives.
We’ll discuss how to safeguard against unauthorized access with strong, unique and memorable passwords. We’ll also cover handling password leaks, using open-source password managers like Keepass or Strongbox, and enabling two-factor authentication for added security.
## Diceware
Create robust passwords with Diceware, a method that needs nothing more than dice, pen and paper. A passphrase made up of 7 random words is virtually unbreakable.
Step-by-step guide
| Steps | Instructions |
|---|---|
| 1 | Select a Diceware word list. For example the original list, or the list provided by the Electronic Frontier Foundation. There are many others to choose from, in several languages. |
| 2 | Roll a dice 5 times and write down the numbers. |
| 3 | Look up the corresponding word in the Diceware list, and write it down. |
| 4 | Repeat the previous steps until you have at least 6 words. Seven words are recommended: depending on the password entropy calculator, this gives an entropy of approximately 90 bits. According to Diceware's FAQ, such a passphrase is unbreakable with any known technology, but may be within the reach of large organizations by around 2030. Eight words should be completely secure through 2050. |
| 5 | The combination of these words is your secure password. Make sure to separate the words by a space. |
[2-minute video, courtesy of the Electronic Frontier Foundation]
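The steps above translate directly into code. The following is an added example (not part of the original guide or of any Diceware project) that parses a word list in the `NNNNN<tab>word` layout, replaces the physical dice with an unbiased CSPRNG, and computes the entropy figures the table quotes (`7 × log2(7776) ≈ 90 bits`). The word list fragment is constructed for illustration; a real list has all 7,776 keys from 11111 to 66666, and the function names are assumptions of this example.

```python
import math
import secrets

DICE_SIDES = 6
ROLLS_PER_WORD = 5
FULL_LIST_SIZE = DICE_SIDES ** ROLLS_PER_WORD  # 7776 entries in a complete list

# Constructed fragment in the "NNNNN<tab>word" layout used by the original and
# EFF lists. A real list has every key from 11111 to 66666; these words are made up.
SAMPLE_WORDLIST = """\
11111\tacid
11112\tbarn
11113\tcloud
11114\tdrift
11115\tember
11116\tflint
11121\tgrove
"""


def parse_wordlist(text):
    """Map five-digit dice keys to words, rejecting malformed keys."""
    table = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, word = line.split(None, 1)
        if len(key) != ROLLS_PER_WORD or any(ch not in "123456" for ch in key):
            raise ValueError(f"malformed dice key: {key!r}")
        table[key] = word.strip()
    return table


def roll_key(randbelow=secrets.randbelow):
    """Simulate five dice rolls with an unbiased CSPRNG, giving e.g. '36513'."""
    return "".join(str(randbelow(DICE_SIDES) + 1) for _ in range(ROLLS_PER_WORD))


def entropy_bits(num_words, list_size=FULL_LIST_SIZE):
    """Entropy of num_words uniformly chosen words: num_words * log2(list_size)."""
    return num_words * math.log2(list_size)


def words_needed(target_bits, list_size=FULL_LIST_SIZE):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


def generate_passphrase(table, num_words=7, randbelow=secrets.randbelow):
    """Roll the dice num_words times and join the looked-up words with spaces.

    A roll that has no entry means the list is incomplete; fail instead of
    re-rolling, so the entropy estimate above stays honest.
    """
    words = []
    for _ in range(num_words):
        key = roll_key(randbelow)
        if key not in table:
            raise KeyError(f"no word for roll {key}: the word list is incomplete")
        words.append(table[key])
    return " ".join(words)


if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_WORDLIST)
    for n in (6, 7, 8):
        print(f"{n} words: {entropy_bits(n):.1f} bits")
    print("words needed for 128 bits:", words_needed(128))
    try:
        print(generate_passphrase(table))
    except KeyError as exc:
        print("cannot generate from the constructed fragment:", exc)
```

Because `randbelow` is injected, the generator can be driven by real dice results for an audit, or by a fixed sequence in a test; with a complete list the 7-word default reproduces the roughly 90-bit figure quoted in step 4.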
## Has my password been hacked?
| Were you hacked? | Description |
|---|---|
| Have I Been Pwned | Reverse search engine to check your email or password against a huge list of stolen data and hacked accounts. |
| Dehashed | Search for IP addresses, emails, usernames, names, phone numbers and so on to gain insight on security breaches, database breaches and account leaks. |
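Checking a password against a leak corpus should not mean sending the password (or even its full hash) to anyone. Have I Been Pwned's Pwned Passwords service uses a k-anonymity range query for this: the client hashes the password with SHA-1, sends only the first five hex characters, receives every suffix in that range with a breach count, and finishes the comparison locally. The code below is an added example, not the guide's or the service's own code; it implements that client-side logic against a constructed reply (the count and the second line are made up, only the suffix of SHA-1("password") is real), with an optional online fetcher for the real range endpoint.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_prefix_suffix(password):
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix that
    is sent to the service and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body):
    """Parse 'SUFFIX:COUNT' lines into a {suffix: count} dict."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep or len(suffix) != 35:
            raise ValueError(f"unexpected line in range response: {line!r}")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range_online(prefix, timeout=10):
    """Query the real range endpoint; only the 5-char prefix is transmitted."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"User-Agent": "password-check-example"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch_range=fetch_range_online):
    """How many times the password appears in the breach corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    counts = parse_range_response(fetch_range(prefix))
    return counts.get(suffix, 0)


# Constructed stand-in for the reply to prefix 5BAA6: the first suffix is the
# real remainder of SHA-1("password"); the count and the second line are made up.
SAMPLE_RANGE_RESPONSE = (
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:1234\n"
    + "0" * 35 + ":2\n"
)


def fetch_range_offline(prefix):
    """Offline fetcher for demonstration: only knows the constructed 5BAA6 range."""
    return SAMPLE_RANGE_RESPONSE if prefix == "5BAA6" else ""


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = pwned_count(pw, fetch_range_offline)
        verdict = f"seen {n} times in the sample data, do not use" if n else "not in the sample data"
        print(f"{pw!r}: {verdict}")
```

Pass `fetch_range_online` (the default) instead of the offline fetcher to check against the live service; the privacy property holds either way, because the full hash is only ever compared on the client.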
## KeePass
KeePass, a free and open-source password manager, safeguards your passwords across devices. Its encrypted database, which contains all your passwords, is itself protected by a master password: never forget it! For added protection, store the password manager database offline. Keep copies locally on your devices and maintain two remote backups.
Step-by-step guide

**Android.** KeePassDX is a free, secure and open source password manager for Android. Simply download the app from the Google Play Store, F-Droid or Aurora Store. It contains 0 trackers and requires 6 permissions.

**Windows.** KeePassXC is a cross-platform, community-driven, free and open source password manager. Download the installer, double-click the .msi file and follow the installation wizard.

**macOS.** KeePassXC is a cross-platform, community-driven, free and open source password manager. Download the installer; it should open by itself and mount a new volume containing the KeePassXC application. If not, open the downloaded .dmg file and drag the KeePassXC icon onto the Applications folder. For easy access, open the Applications folder and drag the KeePassXC icon to the dock.

**Linux.** KeePassXC is a cross-platform, community-driven, free and open source password manager. If you run a Linux distribution such as Ubuntu, open the terminal with the CTRL + ALT + T shortcut, or click the Applications button in the top left and search for Terminal. Run the following commands to install KeePassXC:

```bash
sudo add-apt-repository ppa:phoerious/keepassxc
sudo apt update
sudo apt install keepassxc
```
[2-minute video, courtesy of the Electronic Frontier Foundation]
## Two-Factor Authentication
Boost security with Two-Factor Authentication (2FA), chosen according to your threat model. It adds an extra layer of security: accessing your accounts or data requires an additional verification code from an authenticator app or via SMS.
Despite 2FA's advantages, stay vigilant against risks such as phishing, identity theft (SIM swap attacks) and SMS hijacking (SS7 attacks). Store your backup codes securely for emergencies: if you lose your phone or your authenticator app stops working, they are invaluable.
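The codes an authenticator app shows are time-based one-time passwords (TOTP, RFC 6238, built on HOTP, RFC 4226): a shared secret, the current 30-second time step and HMAC-SHA1 produce a 6-digit code that both sides can compute, which is why no SMS is involved and why the backup codes mentioned above matter when the secret is lost with the phone. The following is an added example, not code from the guide or from any of the apps it lists; it implements code generation, drift-tolerant constant-time verification, and one-time backup codes stored only as hashes. The RFC test secret is real; the function names and the backup-code format are assumptions of this example.

```python
import base64
import hashlib
import hmac
import secrets
import struct
import time

# Reference secret from RFC 4226/6238 (ASCII "12345678901234567890"), used
# only for the published test vectors; real secrets are random bytes.
RFC_TEST_SECRET = b"12345678901234567890"


def hotp(secret, counter, digits=6):
    """HMAC-SHA1 over the big-endian counter, dynamically truncated (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """TOTP = HOTP with the counter set to the current time step (RFC 6238)."""
    at = time.time() if at is None else at
    return hotp(secret, int(at // step), digits)


def verify_totp(secret, code, at=None, step=30, window=1, digits=6):
    """Accept the current code or one adjacent step each way (clock drift).

    Each comparison is constant-time so a verifier does not leak which
    digits matched; the window is kept small to limit replay opportunity.
    """
    at = time.time() if at is None else at
    counter = int(at // step)
    return any(
        hmac.compare_digest(hotp(secret, counter + d, digits), code)
        for d in range(-window, window + 1)
    )


def new_secret():
    """Fresh 160-bit secret plus its base32 form for QR code / manual entry."""
    raw = secrets.token_bytes(20)
    return raw, base64.b32encode(raw).decode("ascii")


def new_backup_codes(count=10):
    """One-time recovery codes; the service should keep only the hashes."""
    codes = [secrets.token_hex(5) for _ in range(count)]  # 10 hex chars each
    hashes = {hashlib.sha256(c.encode()).hexdigest() for c in codes}
    return codes, hashes


def redeem_backup_code(code, stored_hashes):
    """Consume a backup code: valid exactly once, then removed from the set."""
    digest = hashlib.sha256(code.strip().lower().encode()).hexdigest()
    if digest in stored_hashes:
        stored_hashes.discard(digest)
        return True
    return False


if __name__ == "__main__":
    raw, b32 = new_secret()
    print("provision this base32 secret once:", b32)
    print("current code:", totp(raw))
    codes, hashes = new_backup_codes(3)
    print("backup codes (show once, then store only hashes):", codes)
    print("first redeem:", redeem_backup_code(codes[0], hashes))
    print("second redeem of the same code:", redeem_backup_code(codes[0], hashes))
```

The SMS variant the text warns about (SIM swap, SS7) is exactly what this scheme avoids: nothing is transmitted at login except the 6-digit code, and the secret never leaves the device after provisioning.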
Step-by-step guide

**Android.** AndOTP is a free and open source two-factor authenticator for Android. Simply download the app from the Google Play Store, F-Droid or Aurora Store. It contains 0 trackers and requires 1 permission.

**Windows.** Yubico Authenticator is a cross-platform and open source authenticator app. It requires a physical hardware key. Download the installer and follow the installation wizard.

**macOS.** Yubico Authenticator is a cross-platform and open source authenticator app. It requires a physical hardware key. Download the installer; it should open by itself and mount a new volume containing the Yubico application. If not, open the downloaded .dmg file and drag the Yubico icon onto the Applications folder. For easy access, open the Applications folder and drag the Yubico icon to the dock.

**Linux.** Yubico Authenticator is a cross-platform and open source authenticator app. It requires a physical hardware key. Open the terminal with the CTRL + ALT + T shortcut, or click the Applications button in the top left and search for Terminal. Run the following commands to install Yubico Authenticator:

```bash
sudo add-apt-repository ppa:yubico/stable
sudo apt update
sudo apt install yubioath-desktop
```