How do I keep my account secure?
We offer two factor authentication, among other best practices in password security.
Passwords are great, but only if they haven't been lost or hacked. Too often people reuse the same password and don't realize when they have been leaked in a breach.
Our authentication system uses your email to verify that you are who you are by sending you a one-time use link whenever you login.
If you'd like to add a secure password to your account, you certainly can. Our only password requirement is that it has not appeared in a data breach before.
To test if your password has been breached, we check a non-reversible hash against a list of hashes that have been breached before. That means we can tell if that password has been breached without knowing what the password you tried is. We recommend using a password manager like Safari's built in password manager or LastPass to generate unique passwords for every service you use. That way, even if one service is compromised, the malicious hackers don't have access to all your accounts.
We support two-factor authentication (2FA) for your account. Set up requires an app like Authy or Google Authenticator. These apps produce time-based authentication codes that you need in addition to email access or your password to log in.