# Securing Developer Accounts

## Password Management

- **Strong, Unique Passwords:** It is crucial to use passwords that are both strong and unique for each account. A minimum length of 15 characters is recommended, prioritizing length over complexity.
- **Password Managers:** The use of a password manager is essential to maintain the uniqueness and strength of passwords across all user accounts.

## Multi-Factor Authentication (MFA)

* MFA adds an additional layer of security beyond passwords. The recommended methods, in order of security effectiveness, are:
  * **FIDO2 Security Keys:** For a passwordless or second-factor authentication, FIDO2 (CTAP2 security keys) offers the highest security.
  * **Time-based One-Time Password (TOTP):** Applications generating TOTPs provide a secure alternative to FIDO2.
  * **SMS and Email Authentication:** The use of SMS and Email as second factors is discouraged due to their susceptibility to security vulnerabilities.