GOLDEN RULE!
NEVER EVER EVER! GIVE ANYONE ELSE (But yourself) ACCESS TO ANY OF YOUR ACCOUNTS, EVER!
Tip #1
To make both brute force and standard targeted unhashing a bit more difficult, use this
http://preshing.com/20110811/xkcd-password-generator/
to generate your password base, then modify it in a way that makes it both more unique and still memorable to you.
Use anagrams, text code, or something unique only a few people would know (maybe another language, like Klingon).
Tip #2
NEVER answer recovery questions (when setting them up) with the real answers; nearly all of them are discoverable once your real name and location are known with a little bit of IRL detective work.
Tip #3
USE 2FA! ALWAYS! Two-factor authentication gives you a fail-safe in the event your account password is guessed, seen, or unhashed.
Tip #4
NEVER EVER use the same password or recovery answers on different websites or accounts, EVER!
Tip #5
Changing your password regularly doesn't do shit for you if you already take great lengths to keep it from being discovered for that account (remember, every site/account has a different password).
The only times it matters are:
1. If a database was ripped and hackers are unhashing all the passwords looking for matches, some real passwords will be found, so when a provider is compromised it's important to change your password immediately.
2. If you are a target and can't change your email, change the password for the account in question at random intervals somewhere between weekly and bi-monthly, unless a man-in-the-middle type attack or a phishing/human engineering attack is likely to be used.
Tip #6
Harden your defense against human engineering: if your account can be accessed via phone or chat, ask the provider to enable a security check before they give out any information. Usually, in addition to 2FA, this will be a PIN or passcode. You can take it one step further by leaving a short note in the second address line or attention line of the address on your account. Also, DO NOT answer ANY questions on calls made to you about your "accounts"; instead, hang up and call the provider directly on a secure line.
There are a lot more things you can do, but... you'll need to figure those out yourself, as security by obfuscation gets nulled when shared.
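As an added example (not part of the original post or of the linked generator), here is what an xkcd-style passphrase generator like the one in Tip #1 does under the hood: it draws words with a cryptographic RNG and its strength comes only from the wordlist size and word count. The wordlist here is a constructed stand-in and the function names are mine.

```python
"""xkcd-style passphrase generator with an entropy estimate (added example)."""
import math
import secrets

# Constructed mini wordlist for the demo. A real generator uses a list of a
# few thousand common words; 16 words is far too small, as the numbers show.
WORDLIST = [
    "correct", "horse", "battery", "staple", "candle", "river", "planet",
    "window", "copper", "meadow", "velvet", "anchor", "lantern", "orbit",
    "thunder", "marble",
]


def entropy_bits(wordlist_size: int, num_words: int) -> float:
    """Entropy of num_words words drawn uniformly, independently and with
    replacement from wordlist_size words. Only the list size and the word
    count matter, not how long or unusual the words look."""
    return num_words * math.log2(wordlist_size)


def min_wordlist_size(target_bits: float, num_words: int) -> int:
    """Smallest wordlist that reaches target_bits with num_words words."""
    return math.ceil(2 ** (target_bits / num_words))


def years_to_brute_force(bits: float, guesses_per_second: float) -> float:
    """Expected time to guess a passphrase of the given entropy at a fixed
    offline guess rate (on average half the space must be tried)."""
    seconds = (2 ** bits / 2) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def generate_passphrase(words, num_words=4, choose=secrets.choice, sep="-"):
    """Draw num_words words with a CSPRNG (secrets, never random) and join them.
    `choose` is injectable only so the behaviour can be tested deterministically."""
    if num_words < 1 or len(words) < 2:
        raise ValueError("need at least one word from a list of at least two")
    return sep.join(choose(words) for _ in range(num_words))


if __name__ == "__main__":
    base = generate_passphrase(WORDLIST)  # the "password base" of Tip #1
    print("base:", base)
    for size in (len(WORDLIST), 2048, 7776):
        bits = entropy_bits(size, 4)
        print(f"{size:5d} words x 4 -> {bits:5.1f} bits, "
              f"{years_to_brute_force(bits, 1e10):.2e} years at 1e10 guesses/s")
    print("words needed for 60 bits with 5 words:", min_wordlist_size(60, 5))
```

The base is then modified as the tip describes; the entropy figures above are the floor you start from, and they assume the attacker knows the wordlist.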