Security

Credentials

Password vault

The company provides a Password Vault account to all employees, this should be used for both individual user accounts and shared accounts (e.g. flowforge npmjs account).

Any shared accounts should be in an approate vault shared with those that need it only, but always more than just one person.

Strong passwords

Passwords should be randomly generated using the Password Vault to ensure strength and that they are not reused across services

2FA

For all services that support it, 2FA authentication should be enabled and if possible enforced by policy. Where possible the 2FA seed keys should be added to the entry in the Password Vault.