Commit 739204fd authored by Stan Hu

Merge branch 'patch-123' into 'master'

Add item to the security handbook regarding password storage on web browsers.

@stanhu @briann I didn't see anything in the security handbook regarding web browser attempts to store passwords. Admittedly, I am no security expert but I did some research, and the consensus seemed to be that allowing web browsers to store passwords is an unnecessary risk. Let me know your thoughts on this and if anyone else should be included in this discussion.

See merge request !4076
parents 455d62ce 67078aa1
Pipeline #5263268 passed with stages
in 9 minutes and 21 seconds
......@@ -35,6 +35,7 @@ individual accounts, or it may link to the onboarding checklist. You should be a
service.
1. Do not let your password manager store the **master password**. It is okay to
store the login.
1. Do not allow your web browser (e.g. Chrome, Safari) to store passwords when prompted. This presents an unnecessary risk and is redundant as 1Password should serve as the sole password management application.
1. Enable two-factor authentication (2FA) with [1Password TOTP] for your Google, Slack, GitLab.com, and dev.gitlab.org accounts.
1. You can also consider using a [Yubikey](https://about.gitlab.com/2016/06/22/gitlab-adds-support-for-u2f/) with GitLab.
1. Use **Full-Disk Encryption** on your work computer and phone. Mac users may
......
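Review bot: The added item on browser password storage only covers declining the save prompt ("when prompted"), so it says nothing about passwords a browser has already saved or about turning off the browser setting that offers to save them; suggest rewording it to disable password saving in the browser and remove any existing saved entries. "This presents an unnecessary risk" also does not say what the risk is, and a short reason would make the rule easier to follow and apply. As a style point, the new line is not hard-wrapped like the neighbouring items ("store the login.", "Mac users may"), so wrap it to match.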