Passwords
Password Managers
The single most important privacy/security tool. A password manager lets you use a unique, strong password for every site without remembering them all.
Bitwarden (Recommended)
Bitwarden is open-source, free for personal use, and available on all platforms.
- Browser extension: Firefox, Chrome, Edge, Safari
- Mobile: Android, iOS
- Desktop: Windows, macOS, Linux
- Self-hostable on your own server
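# Self-host with Docker. The vaultwarden/server image is Vaultwarden, an
# unofficial Bitwarden-compatible server, not Bitwarden's own server.
# SIGNUPS_ALLOWED=false disables new account registration.
# -p 80:80 publishes plain HTTP: put a TLS-terminating reverse proxy in
# front of it before exposing it beyond localhost.
docker run -d --name bitwarden \
  -e SIGNUPS_ALLOWED=false \
  -v /bwdata:/data \
  -p 80:80 \
  vaultwarden/server:latest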
KeePassXC (Offline Alternative)
KeePassXC stores your vault in an encrypted file — nothing goes to the cloud.
- File stored locally (back it up!)
- Browser integration via plugin
- Cross-platform
Strong Passphrase Generation
xkpasswd
xkpasswd.net generates memorable but strong passphrases:
correct-horse-battery-staple
purple-MONKEY-dishwasher-42!
A 4-word passphrase has ~44 bits of entropy — stronger than most random-character passwords people actually use.
GRC Password Generator
grc.com/passwords.htm — generates cryptographically random passwords of various formats.
Have I Been Pwned?
Check if your email address has appeared in known data breaches:
You can also check specific passwords (the check is done using k-anonymity — your full password is never sent):
Password Best Practices
- Use a unique password for every site — reuse is the #1 cause of account takeovers
- Minimum 16 characters for important accounts
- Enable two-factor authentication (see the 2FA page)
- Never store passwords in plain text, browser autofill notes, or email
- Change passwords after any breach notification from haveibeenpwned