title: "Password Best Practices"

path: "/hackers/passwords.html"

id: "hackers/password-best-practices"

Passwords are used to protect access to your account from unauthorized users. When coming up with passwords to various accounts, there are standards and best practices to follow so that your accounts are best protected.

* String together 4 random words.

* Example: correctwhalebatterystaple

* Use a minimum of 12 characters in your passphrase. The longer your password, the better.

* Use a different password for each site you log into. This ensures that if another site is breached or your password is leaked somewhere, it can’t be used to log into another site.

* Avoid:

* Using single dictionary words, spatial patterns (i.e. qwerty, asdf), repeating letters, or sequences (i.e. abcd, 1234).

* Making the first letter an uppercase.

* Substituting letters with common numbers and symbols.

* Using years, dates, zip codes.

Password management tools are helpful in storing and organizing your passwords so that you don’t have to memorize all of your unique passwords. Many enable you to sync your passphrases across multiple devices and can help you log in automatically. These password managers encrypt your password library with a master password that becomes the only thing you just need to remember.

Enabling two-factor or multi-factor authentication provides an additional layer of security to ensure that you’re the authorized user logging into your account. Not all applications provide [two-factor authentication](https://twofactorauth.org/), but when it’s available, it’s in your best interest to set it up. You can [enable two-factor authentication](https://docs.hackerone.com/hackers/two-factor-authentication.html) on HackerOne under your profile’s **Settings > Authentication**.

- title: Password Best Practices

path: /hackers/passwords.html