Password and 2FA policy
Strong password and appropriate use of 2FA (two factor authentication) are important aspects of device and software security. We all have passwords for multiple systems that are used for business related purposes and it is the important for all team members to take the appropriate steps to secure their passwords.
- Passwords must be sufficiently strong such as to make cracking or guessing difficult
- Where possible, passwords should be randomly generated (you can do this in your password manager)
- Passwords should be more than 12 characters and contain a mixture of upper case, lower case, numbers and special characters
- Do not use the same password for access to Made Tech systems as for any personal accounts. If you do this, and your Made Tech password is compromised, it will open your personal accounts up to vulnerablities and vice versa.
We use password management for Made Tech services. Individual vaults are managed by the teams who use them, and the password manager is managed by the Operations Team.
Your password to access your password manager should conform to the password policy. Biometrics is also an acceptable method of accessing the password manager.
Cracking passwords or a brute force attack are not the only ways in which individuals with bad intentions can get into the Made Tech systems. Social engineering also makes us vulnerable. Attackers will use techniques to gain your trust, or take advantage of inattention or a desire to be helpful to obtain passwords.
- Be aware of someone using social engineering to gain access to your password / account
- Do not store passwords on your device outside of an encrypted password manager
- Do not write passwords down
- Be sure you're entering your password in to a legitimate website
- Passwords should generally not be shared. When these is need to share a piece of secure information such as a password do so via 1Password
In all cases, report anything you think is amiss!
Wherever possible, Made Tech uses 2FA as a means of adding an extra layer of security. Please ensure you are enabling 2FA where available.