1
1
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2026-07-07 17:04:42 +00:00

style!: Convert wiki articles to Hugo formatting

This commit is contained in:
2026-05-13 00:29:52 -05:00
parent 5a6d219c29
commit abf140ce8e
47 changed files with 211 additions and 281 deletions
+11 -11
View File
@@ -16,9 +16,9 @@ This is called [credential stuffing](https://en.wikipedia.org/wiki/Credential_st
### Use randomly generated passwords
==You should **never** rely on yourself to come up with a good password.== We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.
<mark>You should **never** rely on yourself to come up with a good password.</mark> We recommend using [randomly generated passwords](#passwords) or [diceware passphrases](#diceware-passphrases) with sufficient entropy to protect your accounts and devices.
All of our [recommended password managers](../passwords.md) include a built-in password generator that you can use.
All of our [recommended password managers](../../tools/software/passwords/_index.md) include a built-in password generator that you can use.
### Rotating Passwords
@@ -26,10 +26,11 @@ You should avoid changing passwords that you have to remember (such as your pass
When it comes to passwords that you don't have to remember (such as passwords stored inside your password manager), if your [threat model](threat-modeling.md) calls for it, we recommend going through important accounts (especially accounts that don't use multifactor authentication) and changing their password every couple of months, in case they have been compromised in a data breach that hasn't become public yet. Most password managers allow you to set an expiry date for your password to make this easier to manage.
<!-- TODO: Admonition -->
<div class="admonition tip" markdown>
<p class="admonition-title">Checking for data breaches</p>
If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../news-aggregators.md).
If your password manager lets you check for compromised passwords, make sure to do so and promptly change any password that may have been exposed in a data breach. Alternatively, you could follow [Have I Been Pwned's Latest Breaches feed](https://feeds.feedburner.com/HaveIBeenPwnedLatestBreaches) with the help of a [news aggregator](../../tools/software/news-aggregators/_index.md).
</div>
@@ -51,12 +52,9 @@ An example of a diceware passphrase is `viewable fastness reluctant squishy seve
To generate a diceware passphrase using real dice, follow these steps:
<div class="admonition Note" markdown>
<p class="admonition-title">Note</p>
> [!NOTE]
> These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
These instructions assume that you are using [EFF's large word list](https://eff.org/files/2016/07/18/eff_large_wordlist.txt) to generate the passphrase, which requires five dice rolls per word. Other word lists may require more or less rolls per word, and may require a different amount of words to achieve the same entropy.
</div>
1. Roll a six-sided die five times, noting down the number after each roll.
@@ -66,6 +64,7 @@ These instructions assume that you are using [EFF's large word list](https://eff
4. Repeat this process until your passphrase has as many words as you need, which you should separate with a space.
<!-- TODO: Admonition -->
<div class="admonition warning" markdown>
<p class="admonition-title">Important</p>
@@ -159,12 +158,13 @@ The best way to store your passwords is by using a password manager. They allow
There are many good options to choose from, both cloud-based and local. Choose one of our recommended password managers and use it to establish strong passwords across all of your accounts. We recommend securing your password manager with a [diceware passphrase](#diceware-passphrases) comprised of at least seven words.
[List of recommended password managers](../passwords.md){ .md-button }
[List of recommended password managers](../../tools/software/passwords/_index.md){ .md-button }
<!-- TODO: Admonition -->
<div class="admonition warning" markdown>
<p class="admonition-title">Don't place your passwords and TOTP tokens inside the same password manager</p>
When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../multi-factor-authentication.md).
When using [TOTP codes as multifactor authentication](multi-factor-authentication.md#time-based-one-time-password-totp), the best security practice is to keep your TOTP codes in a [separate app](../../tools/software/multi-factor-authentication/_index.md).
Storing your TOTP tokens in the same place as your passwords, while convenient, reduces the accounts to a single factor in the event that an adversary gains access to your password manager.
@@ -174,4 +174,4 @@ Furthermore, we do not recommend storing single-use recovery codes in your passw
### Backups
You should store an [encrypted](../encryption.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.
You should store an [encrypted](../../tools/software/encryption/_index.md) backup of your passwords on multiple storage devices or a cloud storage provider. This can help you access your passwords if something happens to your primary device or the service you are using.