Password

In general, a password should use a mixture of uppercase and lowercase letters, numbers and symbols. Be careful with ambiguous characters: l (ell), 1 (one), I (capital i), O (capital o), and 0 (zero). Set a master password for your password manager that is complex enough but that you can still remember. Then, for each app, use the password manager to generate the user name and password.

Password manager

It is highly recommended to use a password manager instead of creating and keeping track of passwords yourself. Good examples are:

  • Bitwarden, an open-source password manager that supports all mainstream operating systems. You can also use it in a web browser, and you can self-host the service.
  • Apple Passwords, an app available only on Apple devices, although you can install it as an extension in your web browser.
  • 1Password, a cross-platform password management tool. A subscription is needed.
  • Microsoft Authenticator, which supports most mainstream operating systems and mobile devices except Linux. On a desktop OS, you can install it as an extension in your web browser.

You can find more examples in the Awesome Mac repository.

Recovery Code

You should store the recovery code for your password manager somewhere you can find it.

Set up 2FA

It is also highly recommended to set up two-factor (multi-factor) authentication (2FA) for all of your accounts to increase protection.

Passkeys

You can also use passkeys to log in without a password, which reduces the risk of a password leaking in incidents such as data breaches. This function is available in most password managers, but the remote service must support it as well. Currently, most big service providers support passkeys: GitHub, Google, Microsoft, Apple, and Amazon.

SSH authentication

You can use ssh-keygen to generate SSH keys for authentication. They can be used for servers, remote computers, and repositories (GitHub and GitLab). Basically, ssh-keygen generates a key pair: a public key (id_xxx.pub) and a private key (id_xxx). The content of the public key is added to the file $HOME/.ssh/authorized_keys on the remote machine, and the private key stays in a local folder, e.g., $HOME/.ssh/id_xxx. You can also set the location of your private key in $HOME/.ssh/config.

SSH keys

The best practice is to have one key per user per machine. That’s the most secure approach, because it means you can remove access for one machine independently of the others, for example if one machine is lost or stolen.

Then you can use ssh orion to log in.

Passphrase

You should set a passphrase for your SSH keys when you generate them. Otherwise, if your private key leaks, the remote machine will be compromised as well.

You can always add a passphrase to an existing private key:

ssh-keygen -p -f ~/.ssh/id_xxx
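
The steps from the SSH keys and Passphrase sections above, as an added example that is not part of the original page: a per-machine key, a config entry for the orion alias, and a permission check. The host name, user name and key file naming are assumptions; the page gives only the alias.

```shell
# Added example (not from the original page). The alias "orion" is the page's;
# the host name and user passed to add_host are placeholders you must supply.

# Create a per-machine Ed25519 key. $1 = ssh dir, $2 = machine label.
# An optional $3 passphrase is for scripted demos only; omit it so that
# ssh-keygen prompts and the passphrase never appears in the process list.
make_key() {
    dir=$1; label=$2; key="$dir/id_ed25519_$label"
    mkdir -p "$dir" && chmod 700 "$dir"
    if [ $# -ge 3 ]; then
        ssh-keygen -q -t ed25519 -C "$label" -f "$key" -N "$3"
    else
        ssh-keygen -q -t ed25519 -C "$label" -f "$key"
    fi
    chmod 600 "$key"; chmod 644 "$key.pub"
    printf '%s\n' "$key"
}

# Append a Host block to the ssh config unless the alias already exists.
# $1 = config file, $2 = alias, $3 = host name, $4 = user, $5 = private key.
add_host() {
    cfg=$1
    touch "$cfg" && chmod 600 "$cfg"
    if grep -qx "Host $2" "$cfg"; then return 0; fi
    {
        printf 'Host %s\n' "$2"
        printf '    HostName %s\n' "$3"
        printf '    User %s\n' "$4"
        printf '    IdentityFile %s\n' "$5"
        printf '    IdentitiesOnly yes\n'   # offer only this key to the host
    } >> "$cfg"
}

# Print every non-.pub file in $1 that group or others can access.
loose_files() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        case $f in *.pub) continue ;; esac
        case $(ls -ld "$f") in
            ????------*) ;;              # mode is rw------- or stricter
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Typical use (placeholders in capitals):
#   key=$(make_key "$HOME/.ssh" "$(uname -n)")
#   add_host "$HOME/.ssh/config" orion ORION_HOSTNAME YOUR_USER "$key"
#   loose_files "$HOME/.ssh"
```

A private key reported by loose_files should be fixed with chmod 600, since ssh refuses to use a private key file that other users can read.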

File permission in Linux

You can refer to this page for detailed information.

Backup

We have a backup machine called sirius and the address is sirius.nus.edu.sg. Please see the backup guide.

You can store your data on your own laptop/desktop machine and on orion, and back it up to sirius. The university also provides free access to some cloud services such as OneDrive (1 TB). You can also use GitHub to store your repository (files smaller than 100 MB). Below are some more tips about backup:

  • “3-2-1 rule”: 3 copies of your data (your production data and 2 backup copies) on two different media (disk and tape) with one copy off-site for disaster recovery.
  • The most important data should be backed up to a cloud service (GitHub, OneDrive, etc.).
  • Large files that can be easily reproduced, e.g. wave functions and charge densities, should be excluded from the backup process.
  • App files that you can always redownload should be excluded from your backup.