To create a strong password, you must choose or generate a password for your Threat Stack account that:
- Has a minimum of eight characters, but preferably a minimum of 16 characters
- Is “very strong,” as indicated by the strength meter that displays next to the Password field as you type.
If you do not use a password manager to automatically generate passwords, then use these guidelines to create a very strong password:
- At least one lower case letter
- At least one upper case letter
- At least one number
- At least one special character
- No incrementing (“123”) or repeating sequences (“secretsecret”)
- No common phrases, such as “WinterIsComing”
Threat Stack only inspects the password at the time you type it, and never stores the password you entered in plaintext.
To keep your account secure, Threat Stack recommends you follow these best practices:
- Use a password manager, such as LastPass or 1Password, to generate a password more than 16 characters.
- Generate a unique password for Threat Stack. If you use your Threat Stack password elsewhere and that service is compromised, then malicious actors could use that information to access your Threat Stack account.
- Select passwords that are very different than previous passwords. Do not change one or two letters or numbers, as these passwords are easier to compromise.
- Configure multi-factor authentication for your personal account.
- Never share your password.
When you type a password to sign in, create an account, or change your password, Threat Stack compares your password to the HaveIBeenPwned dataset of known compromised passwords. For more information, see HaveIBeenPwned. If your selected password is in the HaveIBeenPwned dataset, then one of the following occurs:
- If this is your first Threat Stack login or you are creating a new Threat Stack account, then Threat Stack displays a warning message and you must select a different password.
- If this sign in occurs with an existing Threat Stack account, then Threat Stack displays a warning message and automatically emails you a password reset link.
There is a small chance – 0.125% – that a randomly generated password may be in the HaveIBeenPwned dataset. This situation occurs as a result of the way Threat Stack implements HaveIBeenPwned verification. If this situation occurs, then generate a new password.