From 31d9da11f3e3d4823f863bc4834f2e3d30a3d024 Mon Sep 17 00:00:00 2001 From: Dennis Eichhorn Date: Mon, 25 Jul 2022 11:08:48 +0200 Subject: [PATCH] Update Password Guideline.md --- Policies & Guidelines/IT/Password Guideline.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Policies & Guidelines/IT/Password Guideline.md b/Policies & Guidelines/IT/Password Guideline.md index aea569a..2ac96fe 100644 --- a/Policies & Guidelines/IT/Password Guideline.md +++ b/Policies & Guidelines/IT/Password Guideline.md @@ -13,7 +13,7 @@ Passwords protect confidential company data, as well as customer and supplier da Additionally, if it is possible to define a password change interval it should be set to once a year. This way passwords don't become stale and in case of a password leak get rotated out. Shorter password change intervals could lead to friction for the employees resulting in a security fatigue. -## Server protection +## Additional protection For direct server access ssh keys must be used instead of passwords. In addition, these ssh keys should be password protected according to the above mentioned format specifications. If possible second factor authentication should be enabled for direct server access. This second factor authentication should be bound to the owner of the ssh key (i.e. SMS authentication, app authentication, ...)
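Review bot: the new heading "## Additional protection" in the single hunk is less specific than the "## Server protection" it replaces, while the paragraph below it in the unchanged context still covers only direct server access (ssh keys, password-protected keys, second factor for server access). Either keep the server-specific heading, or, if the section is meant to grow beyond servers, keep "Server protection" as a subheading under the new one so that readers looking for the server access rules still find them. The subject "Update Password Guideline.md" gives no reason for the rename; a one-line rationale in the commit message would make the intent reviewable.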