Your account is secured with a password of your choice. Please choose a password that matches the following criteria:
For the reset of your password you have to set a secret PIN during the registration process. In case you lose your password you can use this PIN to set a new passwords, as there is no password reset via email.
Please choose a PIN that matches the same criteria as the ones for passwords.
If you loose the PIN you can´t get access to your account if you have forgotten the password.
Besides using a secure password please do also follow these rules for choosing a username:
To generate and save your passwords easily we recommend using KeePassX as explained in the next sections.
You have correctly setup your Tails persistence storing according to the Tails documentation at tails.boum.org.
As you should use complex passwords that are different across all websites you use it may become really hard to keep track of these. Luckily, Tails provides the password manager KeePassX by default. With this password manager you can generate and store all usernames and passwords safely. All you need to remember is one master password.
We advise using KeePassX for every password you have. It makes it really easy to have different and at the same time complex passwords accross all sites. So use it for your market login credentials, your private PGP password, your Bitcoin wallet keys and other information you want to save securly.
Learn in this tutorial how to setup KeePassX on Tails and use it for your passwords.
Creating a new KeePassX database
Adding password entries with KeePassX
Using your saved passwords
As you probably know your account is secured by a password of your choice. This should be a strong password following the password policies here. However, to make your account even more secure we offer to protect it with a second factor along with the password. This second factor will be your PGP key. With the two-factor authentication enabled, every time you login you will be asked to decrypt a message that was encrypted with your public PGP key. Only if you can decrypt the message correctly, you will be able to login.
We recommend to use two-factor authentication for all users and for vendors it is even mandatory to have it activated.
Learn in the next steps how to activate it and how to use it.
You have maintained your public PGP key in your account settings as explained here.
Enabling two-factor authentication
Login with two-factor authentication
As your data is highly sensitive we do only save your messages, keys and passwords encrypted on our servers. Although this goes without saying, we continuously update our servers to the most current status of security.
To not store any data longer than needed, all messages, tickets and order details will be automatically deleted after 60 days. So do not wonder why your old tickets or messages vanish after this time.
If you want to have messages or other data deleted because of sensitive information you have send or for other reasons, please contact support.
In the following we would like to give you some general advice regarding your account security. Most security issues occur when not following some basic guidelines.