Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

update minimum password length from 12 to 16 #1446

Merged
merged 1 commit into from
Oct 4, 2024
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion company-policies/security.md
Original file line number Diff line number Diff line change
Expand Up @@ -117,7 +117,9 @@

Strong passwords provide the basis for secure authentication to many systems and services.

For a password to be compliant with the CivicActions "strong password" policy, it must be 12 characters or longer and not based on a dictionary word, your name or the application you are logging in to. If under 16 characters (e.g, 12-15 characters) it _must_ be paired with a second factor (see [Multi-Factor Authentication](../common-practices-tools/security/README.md#use-multi-factor-authentication-mfa). A longer _passphrase_ consisting of several words in an order that make sense only to you can work well as a _memorized secret_.
For a password to be compliant with the CivicActions "strong password" policy, it must be 16 characters or longer and not based on a dictionary word, your name or the application you are logging in to. A longer _passphrase_ consisting of several words in an order that make sense only to you can work well as a _memorized secret_.

We strongly recommend employing [Multi-Factor Authentication](../common-practices-tools/security/README.md#use-multi-factor-authentication-mfa) wherever possible, particularly with any account that has elevated privileges or access to high value assets (note: this can include your personal bank account, etc.)

Check warning on line 122 in company-policies/security.md

View workflow job for this annotation

GitHub Actions / remark-lint-suggestions

[remark-lint-suggestions] company-policies/security.md#L122

Unexpected hard to read sentence, according to 5 out of 7 algorithms readability retext-readability
Raw output
122:1-122:311   warning Unexpected hard to read sentence, according to 5 out of 7 algorithms   readability retext-readability

All passwords at CivicActions must follow this policy, including passwords used for:

Expand Down
Loading