Your password

Unfortunately, hackers (or, to be more precise, the tools hackers use) are good at figuring out passwords. The security of your information depends on choosing strong passwords for Basecamp and all other online services you use.

Requirements

When you set your Basecamp password, we take some steps to ensure that it's strong. We only allow passwords that are:

• 12+ characters long
• Not the same as your username or email address

Additionally, we check your password against high-profile public breaches of other services. Hackers commonly use these breaches to find credentials to try on services like Basecamp. To help keep your data safe, we stop you from setting a password that has appeared in a past breach.

Keeping Your Password Strong

Creating and maintaining strong, unique passwords is a key part of keeping your data safe in Basecamp and elsewhere. Our tips for keeping yourself safe from password breaches all across the web:

1.) Use a password manager! They make it much easier to create and use long, complex passwords that are unique for each website you use. Password re-use is a major risk, allowing a breach on one service to spread to others. We use 1Password at Basecamp and recommend it. Any reputable password manager will do a good job, including iCloud Keychain and Google Smart Lock.

2.) Subscribe to a breach notification service. If a service you use suffers a breach, you'll receive an alert letting you know. You can then change those passwords. We recommend https://haveibeenpwned.com. This is a free service; there's no catch or up-sell. It's run by a concerned citizen looking out for other people online.

3.) Turn on two-factor authentication (2FA) wherever you can! We offer 2FA protection for Basecamp. Most services that deal with sensitive information offer 2FA, and it’s especially important for critical services with personal information, like your email address.