Skip to main content

Password Policy

WeSalute's Password Policy describes how Team Members should generate, store, and retrieve their passwords for services they use on behalf of WeSalute.

Password Generation

You are required use complex passwords for all accounts that have access to WeSalute data.

"Complex" passwords have at least one uppercase letter, one lowercase letter, one number, and one non-alphanumeric character, and are at least 14 characters long. It's recommended to use 1Password's password generator for complex password generation.

You must use unique passwords for all accounts and system accounts. Do not reuse or duplicate passwords. WeSalute Team Members may not reuse passwords that are or were used elsewhere, e..g passwords used for personal accounts. A common way attackers obtain access to corporate resources is by using personal passwords that were obtained in breaches of other services.

When you are creating an account for the first time or during a password reset SystemsOps will force you to change your password upon logging in for the first time.

You are required to use two-factor authentication for all accounts that have access to WeSalute data.

Password Requirements from Services

You must adhere to the WeSalute Password Policy for all applications, including but not limited to the services (e.g. 3rd-party applications, software-as-a-service ("SaaS"), etc.) that WeSalute uses to provide it product, offerings, and operations.

You must adhere to the WeSalute Password Policy for any login related to WeSalute.

Managing and Storing Passwords

You are required to use 1Password to store and manage your username and passwords and generate sufficiently complex passwords.

  • Under no circumstances should passwords be recorded or documented outside of 1Password.
  • WeSalute Team Members are prohibited from sharing their account passwords with anyone, including other WeSalute Team Members.
  • All WeSalute system and user passwords must be encrypted when stored at rest within an application or database.
  • All WeSalute system and user passwords must be encrypted during transmission.

Disciplinary Action

Team Members who violate Password Policy may face disciplinary consequences in proportion to their violation. WeSalute management will determine how serious an employee's offense is and take the appropriate action:

  • For minor violations, (such as reuse of personal password, et. al.) Team Members may be subject to verbal reprimands.
  • For more serious violations (e.g. a security incident or breach caused by reuse of personal passwords), Team Members may face severe disciplinary actions up to and including termination.

Policy Review, Disciplinary, & Responsibility

Responsibility

SystemsOps is responsible for ensuring Password Policy is followed.

warning

This Policy currently does not have the required policy footer content standard on WeSalute Policies. This may be intentional by the nature of the content.