
How to secure passwords?

Passwords and login methods must be secured.

Use a password manager for all your online passwords: websites are prone to getting hacked, and with a manager you don't have to memorise a new password to replace a compromised one. The password manager will automatically generate passwords for you, one for each website.

Don't use the same password twice for any website. This is particularly important for the organisation's accounts, or for any account with administrative privileges over social media profiles, etc.

Suggested password managers:

Passphrase

For some time now, passphrases have been recommended instead of passwords. A passphrase uses random words instead of random characters, which makes it easier to remember. With four or five words, it becomes as strong as a password that is much harder to remember (see for example: https://protonmail.com/blog/protonmail-com-blog-password-vs-passphrase/). This passphrase can then be used to secure your password manager. An additional one can be used for your computer login.

There are multiple ways of generating passwords and passphrases. We suggest using your password manager to generate them. KeePassXC, for example, can generate random passphrases.
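As an added illustration, not part of this page or of any password manager, the arithmetic behind the "four or five words" claim: it assumes a 7776-word diceware-style list (the size of the EFF large word list) and a 94-character printable ASCII alphabet for the random password it is compared against, and uses the OS random source rather than the ordinary random module.

```python
import math
import secrets

# Constructed mini word list for the demo. A real generator draws from a list
# of several thousand words; the entropy figures below use that real size.
WORDLIST = [
    "anchor", "basket", "candle", "dolphin", "ember", "falcon", "garden",
    "harbor", "island", "jacket", "kettle", "lantern", "meadow", "nectar",
    "orchid", "pebble",
]
DICEWARE_LIST_SIZE = 7776     # 6^5 entries, as in the EFF large list
PRINTABLE_ASCII = 94          # characters a random password can draw from


def passphrase_entropy_bits(num_words, list_size=DICEWARE_LIST_SIZE):
    """Entropy of num_words words drawn uniformly at random from list_size."""
    return num_words * math.log2(list_size)


def password_entropy_bits(length, alphabet_size=PRINTABLE_ASCII):
    """Entropy of a random password of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def equivalent_password_length(num_words, list_size=DICEWARE_LIST_SIZE,
                               alphabet_size=PRINTABLE_ASCII):
    """Shortest random-character password at least as strong as the passphrase."""
    bits = passphrase_entropy_bits(num_words, list_size)
    return math.ceil(bits / math.log2(alphabet_size))


def generate_passphrase(num_words, wordlist=WORDLIST, separator="-"):
    """Pick words with secrets.choice (CSPRNG); random.choice is not suitable."""
    return separator.join(secrets.choice(wordlist) for _ in range(num_words))


if __name__ == "__main__":
    for n in (4, 5):
        print(f"{n} words: {passphrase_entropy_bits(n):.1f} bits, "
              f"matches a {equivalent_password_length(n)}-character random password")
    print("sample (demo list only):", generate_passphrase(5))
```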

Two-Factor Authentication (2FA)

In addition, it is worth adding two-factor authentication (2FA). This involves either using an app on your phone like Google Authenticator and linking it to the account, or using SMS, where the website sends a code to your phone that you enter to log in on a new device. All the major websites will offer some version of this now, but be careful when changing phones or phone numbers.

Note that it is more secure to use an app than to use SMS verification, but SMS verification is much better than not using 2FA at all.