How do I keep my account secure?
You don't need a password to secure your account, since for many people, passwords are a security vulnerability. You can optionally set a password and two factor authentication.
Passwords are great, but only if they haven't been lost or hacked. Too often people reuse the same password and don't realize when they have been leaked in a breach.
Our authentication system uses your email to verify that you are who you are by sending you a special one-time use link whenever you login.
If you'd like to add a password to your account, you can. We don't have typical password requirements, other than making sure that you are not using a password that has been breached before.
To test if your password has been breached, we check a non-reversible hash against a list of hashes that have been breached before. That means we can tell if that password has been breached without knowing what the password you tried is. We recommend using a password manager like Safari's built in password manager or LastPass to generate unique passwords for every service you use. That way, even if one service is compromised, the malicious hackers don't have access to all your accounts.
We also support two-factor authentication (2FA) for your account. Set up requires an app like Authy or Google Authenticator. These apps produce time-based authentication codes that you need in addition to email access or your password to log in.