Security information
You can only log in via token
In order to better protect all accounts against security attacks you cannot log in using your email address, your Page ID or a manually chosen username. Instead we will generate a token that you need to use together with your password or passphrase in order to log in.
No "I forgot my password" feature
While the "I forgot my password" feature is a convenient mechanism to regain access to an account with a forgotten password, it has at the same time also become a major attack surface for account hijacking (a type of cyberattack during which an attacker takes control of the victim's account).
We highly recommend that you use a password manager and/or write down your login credentials and store them somewhere safe.
Password security
Make sure the password or passphrase you use has not been exposed in a data breach, you can verify at Pwned Passwords.
Recommendations regarding password
Use a passphrase
Do not use one-word passwords. Instead, string a bunch of words together to make a passphrase. Love Winnie-The-Pooh? The following is a sentence from a Winnie-The-Pooh book:
Winnie-the-Pooh sat down at the foot of the tree
You should always avoid including any personal information such as your favorite car, names of family members, pet names, etc. because criminals gather this type of information about you easily from your social media accounts and other public websites.
Using a pasphrase consisting of random words including space between the words is better.
relish reaction banish justice mandolin
Using the same password or passphrease for multiple accounts is also a bad idea because if one account is compromised, it is easy for the attacker to test that password elsewhere.
Use at least 16 characters
Password or passphrase length is important and 16 characters should be considered the absolute minimum.
Do not use a password like 123456789abcdefg, or a combination of your name combined with a row of numbers, or a simple repetition of the same special character like martin1234567890 or martinmartinmartin. Such passwords are very easy to guess and some of the first things for an attacker to try.