Accounts
Privacy and security advice for accounts.
Last edited: October 27, 2025.
This article aims to educate people about how they can secure their accounts and manage them properly. It is somewhat opinionated, although I try to be as objective as possible. I will also not be taking any threat models into account — the advice is based on what I believe most people should be using.
# General
Never use your real name or other personal information for your account (except for services that already know your identity). Use a pseudonym instead, like "WiredFang" in my case. You can use a password manager or a site like StrongPhrase.net to come up with one.
Assume that anything you post online can never be deleted. Do not put any sensitive information online if you can help it. If you must, use strong encryption. Try to avoid social media.
# Passwords
| Passkeys / Security keys
Understand passkeys in 4 minutes. Use passkeys when possible, preferably passwordless. If going passwordless is not possible for a service, enable a passkey as a multi-factor authenticator. If you wish to store your passkeys locally, KeePassDX and KeePassium are both great choices — see "Password managers" down below.
Security keys are similar to passkeys, but unlike passkeys, they are physical keys. The only keys I can recommend are those from Yubico. Make sure to buy 2 security keys: 1 primary and 1 backup key.
⚠️ Warning: The firmware of Yubico's security keys is not updatable. If there is a vulnerability in the firmware version you are using, you would need to purchase a new key.
| Password managers
Password managers generate long, complicated passwords and store them encrypted, while still keeping them convenient to use. The recommended password managers are KeePassDX for Android and KeePassium for iOS. KeePass (and most ports) is completely offline, uses strong encryption and is trusted by many. In addition, KeePass and KeePassium have both undergone security audits, although there are no plans yet for KeePassDX. Make multiple backups of your KeePass database.
For a high-security setup, generate a strong master password with around 90 bits of entropy, like a 6-8 word diceware passphrase. You can also optionally add a keyfile and/or security key for higher security. Generate a complex and unique password for each service as well, and consider rotating your passwords.
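To see how word count maps to the entropy target above and to generate such a passphrase, the following Python is an added example, not part of the original article or of any tool it names. It assumes a wordlist file in the common diceware format (five dice digits, whitespace, one word per line, 7776 entries); the function names are illustrative.

```python
import math
import secrets

DICE_PER_WORD = 5                   # standard diceware: five six-sided dice per word
LIST_SIZE = 6 ** DICE_PER_WORD      # 7776 possible roll combinations


def bits_per_word(list_size=LIST_SIZE):
    """Entropy contributed by one uniformly chosen word."""
    return math.log2(list_size)


def words_needed(target_bits, list_size=LIST_SIZE):
    """Smallest word count whose total entropy reaches target_bits."""
    return math.ceil(target_bits / bits_per_word(list_size))


def load_wordlist(lines):
    """Parse 'DDDDD word' lines into {dice_key: word}; reject incomplete lists."""
    table = {}
    for line in lines:
        if not line.strip():
            continue
        key, word = line.split()
        if len(key) != DICE_PER_WORD or set(key) - set("123456"):
            raise ValueError(f"bad dice key: {key!r}")
        table[key] = word
    # A short list or duplicate words silently lowers the real entropy.
    if len(table) != LIST_SIZE or len(set(table.values())) != LIST_SIZE:
        raise ValueError("wordlist must hold 7776 unique keys and unique words")
    return table


def generate(table, n_words):
    """Pick n_words by simulating dice rolls with the OS CSPRNG (not random.*)."""
    words = []
    for _ in range(n_words):
        key = "".join(str(secrets.randbelow(6) + 1) for _ in range(DICE_PER_WORD))
        words.append(table[key])
    return " ".join(words)


if __name__ == "__main__":
    import sys
    with open(sys.argv[1], encoding="utf-8") as fh:   # assumed: path to a diceware list
        table = load_wordlist(fh)
    n = words_needed(90)
    print(f"{n} words = {n * bits_per_word():.1f} bits")
    print(generate(table, n))
```

Each word adds about 12.9 bits, so 6 words give roughly 77.5 bits, 7 words roughly 90.5 and 8 words roughly 103.4. The figure only holds when every word is picked at random, which is why the script never lets you choose or re-roll words.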
| Multi-factor authentication
Enable MFA for every service. Do not use SMS for MFA, as it is vulnerable to SIM swap and MITM attacks. Instead, use a passkey / security key or an authenticator application like Aegis or Ente Auth. You can also store your TOTP codes in a separate KeePass database or your YubiKey, if you prefer. Do note that TOTP offers no protection against phishing or reuse attacks, unlike passkeys. Make multiple backups of your TOTP codes.
For email, use Proton Mail or Tuta Mail, as they both have a strong focus on privacy and security. It is recommended to make use of alias services, like SimpleLogin. Alias services allow you to easily create new addresses without revealing your official email address. Keep in mind that you have to trust another party with your emails when using alias services (except for SimpleLogin, as they are owned by Proton). Proton Pass has SimpleLogin built in and is very easy to use.
ℹ️ Note: Email is only recommended for verification, not communication, as it is a fundamentally insecure protocol. For communication, use one of the recommended messengers.