Security

Credentials

Password vault

The company provides a Password Vault account to all employees, this should be used for both individual user accounts and shared accounts (e.g. flowforge npmjs account).

Any shared accounts should be in an appropriate vault shared with those that need it only, but always more than just one person.

Strong passwords

Passwords should be randomly generated using the Password Vault to ensure strength and that they are not reused across services

2FA

For all services that support it, 2FA authentication should be enabled and if possible enforced by policy. Where possible the 2FA seed keys should be added to the entry in the Password Vault.

Executive Fraud

The CEO, CTO, and other executives at FlowForge will never email anyone to wire money, request you to buy gift cards, or request any other type of monitairy transaction. Transactions are started through a set process only. When in doubt, reach out through Slack and request a call with the executive to validate.