Chapter 8 – Passwords and 2fa
September 25, 2025•392 words
Chapter 8 – Passwords and 2fa
Password managers are a great tool everyone should be using. They keep track of all
your accounts while also being able to provide and use very secure passwords that you do
not even need to try to remember.
For this I recommend Bitwarden it has a free and a paid version, I use the free version daily, it
will sync across all your devices, and generate passwords for you. You can even set it to auto fill on your phone, so you don’t need to keep toggling apps. I recommend using the most
complex passwords any website will let you use, all mine are currently 32 to 42 characters
long and every option is enabled when possible (special characters, capital letters, numbers).
The only downside to Bitwarden is that it does store your passowrds/notes in the cloud and
because of that is a Huge target for threat actors, as if they can get into the right area they
have all the info for every account not just one website or company. That being said they are
clearly aware of this and any breach they suffer would be devestating to their buisness, a
pretty good reason to have the best security you can.
You could also use KeepassXC or keepassDX on android it works in the same way, also a
very good tool, it stores passwords and info locally so there is that bonus, the downside is you
wont be able to just log into your account on a new device and have all your
passwords/usernames.
Along with your password manager I strongly recommend using 2fa/mfa (2 factor
authentication/ multi factor authentication) on every site you can. Being honest however you
are willing to do it, via email, phone number, Google authenticator, you should. My 2
recommendations is either Aegis an open source 2fa app. Or for an added layer of security
getting a physical key such as a YubiKey, this is what I personally use. Here is the website for
more information https://www.yubico.com/ if you wish to go that route I recommend doing
some research first and buying a backup key along with your main key, would really be
annoying to break your only key sitting on it. I also recommend always saving the recovery
info for any account somewhere secure such as your password manager.