Cannazon: Account Security


Your account is secured with a password of your choice. Please choose a password that matches the following criteria:

  • A strong password must be at least 8 characters long.
  • It should not contain any of your personal information — specifically your real name or user name.
  • It must differ substantially from your previously used passwords.
  • It should not contain any complete word.
  • It should contain characters from all four primary categories: uppercase letters, lowercase letters, numbers, and special characters.
  • Do not use the same password across other markets or forums.
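
The criteria above expressed as a check (an added example, not part of the original guide). The function name, the constructed sample word list, and the 0.6 similarity threshold are assumptions made for illustration; the last criterion (no reuse across sites) cannot be checked locally.

```python
import difflib
import string

# Constructed sample word list; a real check would load a full dictionary.
SAMPLE_WORDS = {"password", "dragon", "summer", "market", "secret", "garden"}


def check_password(password, username, real_name="", previous=(), words=SAMPLE_WORDS):
    """Return a list of the criteria the password violates (empty = passes)."""
    problems = []
    lowered = password.lower()

    if len(password) < 8:
        problems.append("shorter than 8 characters")

    # Personal information: the user name and each part of the real name.
    personal = [username] + real_name.split()
    if any(len(p) >= 3 and p.lower() in lowered for p in personal):
        problems.append("contains personal information")

    # "Differs substantially": reject anything too similar to an earlier password.
    # The 0.6 similarity threshold is an assumption, not a value from the guide.
    for old in previous:
        if difflib.SequenceMatcher(None, lowered, old.lower()).ratio() >= 0.6:
            problems.append("too similar to a previous password")
            break

    # Complete words, matched case-insensitively anywhere in the password.
    if any(w in lowered for w in words if len(w) >= 4):
        problems.append("contains a complete word")

    # All four categories must be present.
    categories = [
        any(c.isupper() for c in password),
        any(c.islower() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if not all(categories):
        problems.append("missing one of the four character categories")

    return problems
```
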

To reset your password, you have to set a secret PIN during the registration process. If you lose your password, you can use this PIN to set a new password, as there is no password reset via email.

Please choose a PIN that matches the same criteria as the ones for passwords.

Warning

If you lose the PIN, you cannot regain access to your account if you have forgotten the password.

Besides using a secure password, please also follow these rules for choosing a username:

  • Never use a username that you have used somewhere else
  • Do not include any information that could identify you in the username (names, interests, language)

To generate and save your passwords easily we recommend using KeePassX as explained in the next sections.


Prerequisite

You have correctly set up your Tails persistent storage according to the Tails documentation at tails.boum.org.

As you should use complex passwords that are different across all websites you use, it may become really hard to keep track of them. Luckily, Tails provides the password manager KeePassX by default. With this password manager you can generate and store all usernames and passwords safely. All you need to remember is one master password.

We advise using KeePassX for every password you have. It makes it really easy to have passwords that are both different and complex across all sites. So use it for your market login credentials, your private PGP password, your Bitcoin wallet keys and other information you want to save securely.

Learn in this tutorial how to set up KeePassX on Tails and use it for your passwords.


  1. Click on “Applications” ▸ “Accessories” ▸ “KeePassX”.
  2. On the top left, click “Database” ▸ “New Database”.
  3. Set a very strong password that you can remember. Use uppercase and lowercase letters, numbers and special characters. If you lose this master password you will lose access to all of your passwords. Press “OK” to set the password.
  4. Save your password database by clicking on the save button and saving it to your persistent storage.

Creating a new KeePassX database


  1. Create a new password by clicking on the entry button in the toolbar.
  2. Enter e.g. “Cannazon” as the title and your username as the username. Optionally, enter the market address in the URL field. Click on “Gen.” to generate a new password.
  3. Enable special characters by ticking the checkbox “/*_...”. Click on “Accept” to accept it.
  4. Back in the creation dialog you can display your password by clicking on the eye button above the “Gen.” button. Click “OK” to confirm your new password entry.
  5. Save your database by clicking on the save button in the toolbar.

Adding password entries with KeePassX


  1. Open KeePassX by clicking on “Applications” ▸ “Accessories” ▸ “KeePassX”.
  2. [Optional] If not automatically selected, select your password database by clicking “Database” ▸ “Open database” and selecting the .kdbx file you stored in your persistent folder.
  3. Enter your master key and press “OK”.
  4. Right-click on the entry you want to use (e.g. “Cannazon”) and select “Copy password”. Now you can paste the password into the login form.

Using your saved passwords


As you probably know, your account is secured by a password of your choice. This should be a strong password following the password policies here. However, to make your account even more secure, we offer to protect it with a second factor along with the password. This second factor will be your PGP key. With two-factor authentication enabled, every time you log in you will be asked to decrypt a message that was encrypted with your public PGP key. Only if you can decrypt the message correctly will you be able to log in.

We recommend two-factor authentication for all users; for vendors it is mandatory to have it activated.

Learn in the next steps how to activate it and how to use it.

Prerequisite

You have added your public PGP key in your account settings as explained here.

  1. Go to your account settings by clicking on your username.
  2. Enable the checkbox for “Two-factor authentication” and click on “Update Settings”.

Enabling two-factor authentication


  1. Log in as usual with your username and password and press “Login”.
  2. Copy the displayed PGP message by clicking in the textbox and pressing CTRL + A and then CTRL + C.
  3. The clipboard icon should now show a padlock, meaning that the clipboard contains encrypted text. Click on it and select “Decrypt/Verify Clipboard” from the menu.
  4. Enter the passphrase for your private PGP key and click “OK”.
  5. The decrypted text appears in a new window. Copy the code that is displayed.
  6. Paste the code below the encrypted message and click “Login”.

Login with two-factor authentication


As your data is highly sensitive, we only store your messages, keys and passwords in encrypted form on our servers. Although this goes without saying, we continuously keep our servers at the most current level of security.

To avoid storing any data longer than needed, all messages, tickets and order details will be automatically deleted after 60 days. So do not be surprised when your old tickets or messages vanish after this time.

If you want to have messages or other data deleted because of sensitive information you have sent or for other reasons, please contact support.


In the following we would like to give you some general advice regarding your account security. Most security issues occur when some basic guidelines are not followed.

  • Do not give your account credentials to anyone else
  • Bookmark our URLs to minimize the risk of phishing
  • Use two-factor authentication for your account
  • Change your password from time to time
  • Use KeePassX for password generation and storage