Passwords / Account Security

Account security is a critical area of risk that we must stay on top of. Every employee must follow these rules for every company account:

  • Passwords must only ever be stored in and shared through Bitwarden.
    • Sharing or storing a password in plaintext (e.g. email, Slack, text message, Post-it note) is strictly forbidden.
  • Bitwarden passwords are unique to each employee and must never be shared with anyone for any reason.
    • If a Bitwarden password is compromised, IT must be alerted immediately.
  • If access to an account is needed, contact IT for access to the account or relevant category. Again, passwords or access must never be shared any other way.
  • For newly created accounts: 
    • They must use a random and unique password generated by Bitwarden.
    • After creation, they must be properly named and organized into an appropriate category.
    • If MFA (multi-factor authentication) is available, only Bitwarden should be used as the "authenticator app."
      • Personal phone numbers or email addresses must never be used for MFA.
      • Apps other than Bitwarden (e.g. Authy, Google Authenticator) must never be used.