- handbook
- Company
- Company
- Operations
- Product
- Development & Design Practices
- Design
- Development
- contributing
- Front End
- How We Work
- Markdown How-To
- packaging
- release
- Releases
- security
- staging
- Using Git
- Website A/B Testing
- Internal Operations
- Legal
- People Ops
- Sales & Marketing
- Marketing
- blog
- Boiler Plate Descriptions
- Content Channels
- Content Types
- HubSpot
- Marketing
- Video
- Webinars
- website
- sales
# Security
# Credentials
# Password vault
The company provides a 1Password Vault account to all employees. When available, sign in with your Google Workspace account. When this option is not available, you must not reuse the same password between different application, but you must generate a new one per application. Passwords are stored in 1Password for both individual user accounts and shared accounts (e.g. FlowForge npmjs account).
Any shared accounts should be in an appropriate vault shared with those that need it only, but always more than just one person.
# 2FA
For all services that support it, 2FA authentication should be enabled and if possible enforced by policy. Where possible the 2FA seed keys should be added to the entry in the Password Vault.
# Executive Fraud
The CEO, CTO, and other executives at FlowForge will never email anyone to wire money, request you to buy gift cards, or request any other type of monitory transaction. Transactions are started through a set process only. When in doubt, reach out through Slack and request a call with the executive to validate.