
This chapter is geared towards beginners. No particular tech skills are required.

Secure passwords & two-factor authentication

Diceware

Diceware is a popular method for creating strong, unique passphrases that are still easy to remember. All you need is a die, a pen and a piece of paper. A passphrase of at least six words (seven recommended), each drawn by dice roll from a list of 7776 words, is considered practically unbreakable with today's technology. Read on below to learn more.

Step-by-step instructions

1. Select a Diceware word list, for example the original list or the list provided by the Electronic Frontier Foundation. There are many others to choose from, in several languages. Each list contains 7776 words, one for every possible sequence of five die rolls.
2. Roll a die five times and write down the numbers in order, for example 4-2-6-1-3.
3. Look up the word that corresponds to that five-digit number in the list, and write it down.
4. Repeat the previous two steps until you have at least six words. Seven words are recommended: with 7776 words per list, every word adds about 12.9 bits of entropy, so seven words give about 90 bits. According to the Diceware FAQ, this is unbreakable with any known technology, but may be within the range of large organizations by around 2030; eight words should be completely secure through 2050.
5. The combination of these words, in the order you rolled them, is your passphrase. Separate the words by a space. Do not reorder the words or swap out ones you dislike: hand-picking removes the randomness the method depends on.
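The procedure above, implemented as an added example (this is not code from the page or from the Diceware project). It parses the real tab-separated "NNNNN<TAB>word" format used by the original Diceware list and the EFF list, draws each word from the OS random number generator in place of a physical die, and computes the entropy from the size of the list actually loaded. The six-word list embedded below is a constructed sample, not a real list; with a partial list the generator simply re-rolls any number that has no word, which keeps the choice uniform over the words it does have.

```python
"""Diceware passphrase generation (added example, not the page's code)."""
import math
import secrets

# Constructed sample in the real "NNNNN<TAB>word" list format (only 6 of 7776 rolls).
SAMPLE_LIST_TEXT = """\
11111\tabacus
11112\tabdomen
11113\tabdominal
11114\tabide
11115\tabiding
11116\tability
"""

ROLLS_PER_WORD = 5
FULL_LIST_SIZE = 6 ** ROLLS_PER_WORD  # 7776: one word per possible 5-roll outcome


def valid_key(key):
    """A lookup key is exactly five digits, each in 1..6 (one die face each)."""
    return len(key) == ROLLS_PER_WORD and all(c in "123456" for c in key)


def parse_wordlist(text):
    """Parse "NNNNN<TAB>word" lines into {"11111": "abacus", ...}.

    Malformed keys raise instead of being skipped, so a corrupted or
    wrong-format list cannot silently shrink the entropy.
    """
    words = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, word = line.split("\t", 1)
        key, word = key.strip(), word.strip()
        if not valid_key(key):
            raise ValueError("bad roll key: %r" % key)
        words[key] = word
    return words


def roll_die():
    """Software stand-in for one die roll: uniform 1..6 from the OS CSPRNG (not random.random)."""
    return secrets.randbelow(6) + 1


def roll_key(roll=roll_die):
    """Five rolls joined into a lookup key such as "42613". `roll` is injectable for tests."""
    return "".join(str(roll()) for _ in range(ROLLS_PER_WORD))


def generate_passphrase(words, n_words, roll=roll_die):
    """Draw n_words words by dice roll and join them with spaces.

    A roll with no entry in `words` is discarded and rolled again (rejection
    sampling), so the result stays uniform over the words that are present.
    """
    chosen = []
    while len(chosen) < n_words:
        key = roll_key(roll)
        if key in words:
            chosen.append(words[key])
    return " ".join(chosen)


def entropy_bits(list_size, n_words):
    """Entropy of n_words words chosen uniformly from list_size: n * log2(list_size)."""
    return n_words * math.log2(list_size)


if __name__ == "__main__":
    words = parse_wordlist(SAMPLE_LIST_TEXT)  # load a full 7776-word list here for real use
    print(generate_passphrase(words, 7))
    print("%.1f bits with this list, %.1f bits with a full list"
          % (entropy_bits(len(words), 7), entropy_bits(FULL_LIST_SIZE, 7)))
```

Replace SAMPLE_LIST_TEXT with the contents of a downloaded list file to get real passphrases; the entropy line then reports about 90.5 bits for seven words.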


Has my account been hacked?

Were you hacked? These services let you check:

Have I Been Pwned: reverse search engine to check whether your email address or a password appears in a huge collection of stolen data.
Dehashed: search for IP addresses, email addresses, usernames, names, phone numbers and so on to gain insight into database breaches and account leaks.
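Checking a password against Have I Been Pwned does not require sending the password anywhere. The Pwned Passwords API uses a k-anonymity range query: the client hashes the password with SHA-1, sends only the first five hex characters of the digest to https://api.pwnedpasswords.com/range/<prefix>, receives every known hash suffix in that range with its breach count, and does the match locally. The code below is an added example of that exchange, not code from Have I Been Pwned; the endpoint URL is the real one, while the range response embedded for the offline demo is constructed and only its second line (the suffix of SHA-1("password")) is a genuine value.

```python
"""Pwned Passwords k-anonymity lookup (added example, not HIBP's code)."""
import hashlib
import urllib.request

RANGE_URL = "https://api.pwnedpasswords.com/range/"  # real endpoint


def hash_split(password):
    """SHA-1 the password; return (first 5 hex chars, remaining 35), uppercase."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix, body):
    """Find `suffix` in a range response ("SUFFIX:COUNT" per line); 0 if absent.

    Lines are stripped so the CRLF endings the API uses do not break matching.
    """
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix.upper():
            return int(count)
    return 0


def fetch_range(prefix, timeout=10):
    """Live lookup over the network. Only the 5-character prefix leaves the machine."""
    req = urllib.request.Request(RANGE_URL + prefix,
                                 headers={"User-Agent": "pwned-check-example"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """Number of breaches the password appeared in; 0 means not in the corpus."""
    prefix, suffix = hash_split(password)
    return count_in_range(suffix, fetch(prefix))


# Constructed sample response for prefix "5BAA6" (not real API output; the
# middle suffix is SHA-1("password") minus its prefix, the others are made up).
SAMPLE_RESPONSE = "\r\n".join([
    "003D68EB55068C33ACE09247EE4C639306B:3",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "1F2B668E8AABEF1C59E9EC6F82E3F3CD786:1",
])


if __name__ == "__main__":
    # Offline demo against the constructed response; pass fetch=fetch_range for a live query.
    print(pwned_count("password", fetch=lambda prefix: SAMPLE_RESPONSE))
```

The same pattern (hash locally, query by short prefix, match locally) is how password managers and login forms integrate this check without leaking the password to the service.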


Keepass

KeePass is a free and open source password manager, available on almost all devices. It stores your passwords in an encrypted database, which is itself protected by a master password: one password to rule them all. Obviously, you should never forget this master password! We also recommend keeping the password manager database offline: store it locally on your devices and keep two copies elsewhere as backups. Finally, change a password promptly whenever the service it belongs to has been breached; once every account has its own random password from the manager, changing them on a fixed schedule adds little.

Keepass mobile clients

KeePassDX is a free, secure and open source password manager for Android. Download the app from Google's Play Store, F-Droid or Aurora Store. It contains 0 trackers and requires 6 permissions.

At the time of writing, there was no free version of KeePass available for iOS. Strongbox is a secure, open source KeePass client available on the App Store.

Keepass desktop clients

KeePassXC is a cross-platform, community-driven, free and open source password manager.

Windows: download the installer, double-click the .msi file and follow the installation wizard.

macOS: download the installer; it should open by itself and mount a new volume containing the KeePassXC application. If not, open the downloaded .dmg file and drag the KeePassXC icon onto the Applications folder. For easy access, open the Applications folder and drag the KeePassXC icon to the dock.

Linux (Ubuntu and derivatives): open the terminal with the CTRL + ALT + T shortcut, or click on the "Applications" button on the top left and search for "Terminal". Run the following commands to install KeePassXC:

sudo add-apt-repository ppa:phoerious/keepassxc
sudo apt update
sudo apt install keepassxc


Two-factor authentication

Two-factor authentication

Two-factor authentication (2FA) provides an additional security layer. It requires more than just a password to access services or accounts. For example, a single-use verification code sent by SMS or generated by an authenticator app or key.

While two-factor authentication is generally considered to increase security, it offers additional surface for cyberattacks such as Phishing, identity theft (SIM swap) or SMS hijacking (SS7 attacks). It is also less convenient to the average user.

Choose for yourself if two-factor authentication brings additional benefits, depending on your threat model. If you go for it, don't forget to safely store the backup codes that some services provide. They can be life savers when you loose access to your phone or authentication program.

2FA mobile clients

andOTP is a free and open source two-factor authenticator for Android. Download the app from Google's Play Store, F-Droid or Aurora Store. It contains 0 trackers and requires 1 permission.

Tofu is a free and open source two-factor authenticator for iOS, available on the App Store.

2FA desktop clients

Yubico Authenticator is a cross-platform, open source authenticator app. It requires a physical YubiKey: the one-time-password secrets are stored on the key rather than on the computer, so the codes are only available while the key is plugged in or tapped.

Windows: download the installer and follow the installation wizard.

macOS: download the installer; it should open by itself and mount a new volume containing the Yubico Authenticator application. If not, open the downloaded .dmg file and drag the Yubico Authenticator icon onto the Applications folder. For easy access, open the Applications folder and drag the Yubico Authenticator icon to the dock.

Linux (Ubuntu and derivatives): open the terminal with the CTRL + ALT + T shortcut, or click on the "Applications" button on the top left and search for "Terminal". Run the following commands to install Yubico Authenticator:

sudo add-apt-repository ppa:yubico/stable
sudo apt update
sudo apt install yubioath-desktop


Password strength