brainful account security - user guide
We have made, and continue to make, significant leaps in advancing the security and stability of our infrastructure and systems. Your account is secured server-side; however, you, as the authenticated client, have full access to and control over your account and data, and are therefore vulnerable to imminent client-side attacks. We therefore recommend that you read this user manual carefully and keep it for future reference.
1. Rotate your password at arbitrary intervals using a password manager
Rotating your password at arbitrary intervals protects you from potentially using an exposed password and makes the timing of your password changes unpredictable to an adversary.
By using a password manager, you can give your passwords far greater symbol complexity and length, which provides better security guarantees than a password that can be memorised.
2. Try to avoid use of public or shared computers
If you do need to use your account on such a computer, please ensure a competent antivirus is installed on the system and that you have run a full system check before interacting with brainful. Furthermore, thoroughly check all directories for malicious apps and scripts, such as keyloggers, that may reside on the system.
Please also ensure you log out after each session and do not leave an open session unattended.
3. Enable Multi-Factor Authentication (MFA)
We support TOTP at the moment, which significantly enhances account security, especially on non-personal computers.
4. Make use of magic entities where possible
Add magic entities to private or confidential data to benefit from advanced protection and avoid potential data leakage to external services that serve features like AI functionality.
5. Use as few web browser extensions with as few privileges as possible
Every web extension is a liability, and extensions that have permission to read your screen, even for legitimate purposes like Grammarly, do so by sending all readable data to external servers we do not and cannot control.
If you do wish to make use of such services, it is best to do so manually in their respective applications rather than risk potential data leakage for some convenience.

