Use a Password Manager

Never, ever re-use passwords. Humans can’t remember dozens of complex passwords, so we use a password manager.

  • Use LastPass as your password manager
  • Secure it with a black YubiKey (only get the Neo if you have an Android phone; otherwise there’s no point)
  • Use a long pass phrase. That’s the only one you have to remember, ever

Use LastPass to generate random 30+ character passwords for all your other accounts. Make them as complex as the site will allow. Tick all the complexity boxes where possible. You will never have to remember these.

Pass Phrase Complexity

What you’ve been told about passwords is a lie. Use a phrase consisting of five or more words with punctuation. Throw in some numbers for good measure and you are good. It does not have to be ironclad, because you will be relying on your second factor. So even if someone knows your password, they will still have to physically steal your hardware key.
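The two generation rules above (random 30+ character passwords with every complexity box ticked, and a pass phrase of five or more words with punctuation and numbers), sketched as an added example that is not part of the original page and is not LastPass code. The function names, the separator set and the 16-word list are assumptions constructed for illustration; the entropy figures show why a real pass phrase needs a much larger word list.

```python
import math
import secrets
import string

# Character classes that a site's complexity boxes usually map to.
CLASSES = {"lower": string.ascii_lowercase, "upper": string.ascii_uppercase,
           "digits": string.digits, "symbols": string.punctuation}

# Constructed sample list, far too small for real use (see entropy_bits below).
SAMPLE_WORDS = ["anchor", "biscuit", "canyon", "dolphin", "ember", "falcon",
                "glacier", "harbor", "ivory", "jungle", "kettle", "lantern",
                "meadow", "nectar", "orchid", "pepper"]


def site_password(length=30, allowed=("lower", "upper", "digits", "symbols")):
    """Random password with at least one character from every allowed class."""
    if length < len(allowed):
        raise ValueError("length too short for the requested classes")
    alphabet = "".join(CLASSES[name] for name in allowed)
    while True:  # rejection sampling: uniform over passwords that pass the check
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in CLASSES[name] for c in candidate) for name in allowed):
            return candidate


def passphrase(words=SAMPLE_WORDS, count=5):
    """Five or more random words joined by random punctuation, plus two digits."""
    if count < 5:
        raise ValueError("use five or more words")
    parts = [secrets.choice(words) for _ in range(count)]
    sep = secrets.choice("-.,!?")
    return sep.join(parts) + sep + f"{secrets.randbelow(100):02d}"


def entropy_bits(choices, picks):
    """Upper-bound entropy of `picks` independent uniform draws from `choices`."""
    return picks * math.log2(choices)


if __name__ == "__main__":
    print(site_password(), round(entropy_bits(94, 30), 1), "bits")
    print(passphrase(), round(entropy_bits(len(SAMPLE_WORDS), 5), 1), "bits")
    print("5 words from a 7776-word list:", round(entropy_bits(7776, 5), 1), "bits")
```

Pass `allowed` with fewer classes when a site rejects symbols, and raise `length` to compensate.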

Use 2FA Everywhere

Do not use your black LastPass YubiKey for anything else.

If the account does not have 2FA, get rid of it.