MODULE 12
Password & 2FA
Weak or reused passwords and SMS-based 2FA are among the most common account takeover vectors.
2FA Method Ranking: Strongest to Weakest
1
Hardware Security Key (YubiKey / Passkey)
Plugs into USB or taps via NFC. Phishing-resistant: the browser writes the site's real origin into the data the key signs, and the key only releases credentials registered for that domain, so a lookalike site cannot obtain a signature the real site will accept. The private key never leaves the device, so there is nothing to intercept or replay remotely. A passkey stored in a cloud keychain gives the same phishing resistance but is only as safe as that cloud account.
2
Authenticator App (Aegis / Authy / Google Authenticator)
Generates time-based codes offline (RFC 6238 TOTP) from a secret shared when you enrol, so the carrier never sees them. Still phishable: a code typed into a fake site can be relayed to the real one within its 30-second window. Far stronger than SMS nonetheless.
3
Email-based 2FA
Better than nothing. Only as strong as the email account itself: if that account is compromised, so is everything that uses it for 2FA. Protect the email account with a hardware key or authenticator app first.
4
SMS / Text Message 2FA
Codes travel over the phone network, so they are exposed to SIM swapping (the attacker social-engineers the carrier into moving your number to their SIM) and SS7 signalling attacks. Better than nothing, but replace with an authenticator app or hardware key wherever the service allows it.
Recommended Tools
Bitwarden
[BEST FREE] Open source password manager. Generates a unique password for every site. Free tier is excellent. Self-hostable. Has a built-in TOTP authenticator on premium (£10/yr); note that keeping TOTP secrets in the same vault as the passwords means one vault compromise yields both factors, so keep the second factor for your most important accounts in a separate app or on a hardware key.
Aegis Authenticator
[ANDROID] Open source TOTP authenticator for Android. Encrypted local backups, no cloud sync. Preferable to Google Authenticator, whose optional account sync stores copies of your TOTP secrets in your Google account.
Raivo OTP
[iOS] Open source TOTP authenticator for iPhone. Optional encrypted iCloud sync. Alternative to Authy, which has had security incidents.
YubiKey
[HARDWARE] Physical security key over USB or NFC. Supported by Google, GitHub, Bitwarden and hundreds of other services. Your most important accounts (email, bank, password manager) should use one; buy two and register both so that losing a key does not lock you out.