Difference between revisions of "Admin Security Policy"
|  (Created page with "This document is an attempt to formalize security policy for administrators and moderators of my forums.  == Admin/Mod Account Security ==  These policies apply to members wit...") | |||
| Line 6: | Line 6: | ||
| * Your password should get at least 36 bits in an [http://rumkin.com/tools/password/passchk.php entropy test]. | * Your password should get at least 36 bits in an [http://rumkin.com/tools/password/passchk.php entropy test]. | ||
| − | * Any 'secret question' account recovery options should be unusable. | + | * Any 'secret question' account recovery options should be unusable. A good way to do this is to just make a huge string of gibberish and make that your answer. | 
| * You should have my phone number and I should have yours. The same goes for Skype or other major IMs (though I'm only really using Skype at the moment). I know this is already true for the vast majority of you but there are a few I am missing. | * You should have my phone number and I should have yours. The same goes for Skype or other major IMs (though I'm only really using Skype at the moment). I know this is already true for the vast majority of you but there are a few I am missing. | ||
| + | |||
| + | |||
| * If you do not actually use the notification features on your e-mail, you can instead set it to something useless and have an admin reactivate your account. | * If you do not actually use the notification features on your e-mail, you can instead set it to something useless and have an admin reactivate your account. | ||
| − | |||
| * If you do, your e-mail account itself should be appropriately secure. It should: | * If you do, your e-mail account itself should be appropriately secure. It should: | ||
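Review bot: The sentence added to the 'secret question' bullet ("make a huge string of gibberish and make that your answer") should say where the gibberish comes from and what happens to it afterwards: a string typed by hand is rarely as random as it looks, so generate it with the password manager this page already recommends, and then either keep it there or throw it away, so the recovery path really is unusable as the first sentence of the bullet requires. As a style point, the two blank lines inserted before the "If you do not actually use the notification features" bullet will split the bullet list into two separate lists when MediaWiki renders it; they should be removed.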
Latest revision as of 19:52, 26 September 2015
This document is an attempt to formalize security policy for administrators and moderators of my forums.
Admin/Mod Account Security
These policies apply to members with global moderator and administrative access. They do not apply to mentors or welcoming committee members.
- Your password should get at least 36 bits in an entropy test (http://rumkin.com/tools/password/passchk.php).
- Any 'secret question' account recovery options should be unusable. A good way to do this is to just make a huge string of gibberish and make that your answer.
- You should have my phone number and I should have yours. The same goes for Skype or other major IMs (though I'm only really using Skype at the moment). I know this is already true for the vast majority of you but there are a few I am missing.
- If you do not actually use the notification features on your e-mail, you can instead set it to something useless and have an admin reactivate your account.
- If you do, your e-mail account itself should be appropriately secure. It should:
  - Have a suitably tough password. At least 36 bits in the test above, preferably at least 60 if this password holds the keys to your entire on-line life.
    - If this seems difficult, consider passphrases. These are much easier to use.
  - Not have that password shared with anything else, anywhere else.
  - Likewise have impossible-to-guess 'recovery questions' where applicable.
I highly recommend using a password manager. Macs have one built in (the keychain), while for Windows I use Password Safe. With this, you only need to remember a few passwords - the ones you need most regularly, and your keychain/manager password.
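To make the 36-bit and 60-bit thresholds above concrete, here is a small Python helper written for this page (it is example code, not part of the original policy or of the rumkin checker). It rates a password by the idealised brute-force figure log2(alphabet_size ^ length), which is a simplification of what a real strength checker does and is only meaningful for randomly chosen characters, so a constructed blocklist stands in for a leaked-password list and rates common passwords at zero bits. It also computes passphrase entropy from word count and dictionary size (the 7776-word size of a Diceware-style list is an assumed sample value) and generates a random 'secret question' answer of the kind the policy asks for.

```python
"""Policy helper: estimate password/passphrase entropy against the
36-bit (forum account) and 60-bit (e-mail account) thresholds."""
import math
import secrets
import string

FORUM_MIN_BITS = 36        # minimum for an admin/mod forum password
EMAIL_PREFERRED_BITS = 60  # preferred for the e-mail account behind it

# Character classes for the brute-force estimate; the symbol class is
# string.punctuation (32 chars) plus the space, 33 in total.
_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
            string.digits, string.punctuation + " ")

# Constructed blocklist standing in for a real leaked-password list.
COMMON_PASSWORDS = {"password", "password1", "123456", "qwerty", "letmein", "admin"}


def charset_size(password: str) -> int:
    """Size of the smallest alphabet that contains every character used."""
    size = sum(len(cls) for cls in _CLASSES if any(ch in cls for ch in password))
    # Characters outside the four classes (e.g. non-ASCII) each count as one symbol.
    extra = {ch for ch in password if not any(ch in cls for cls in _CLASSES)}
    return size + len(extra)


def brute_force_bits(password: str) -> float:
    """Idealised entropy log2(alphabet ** length); only valid for random characters."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def passphrase_bits(word_count: int, dictionary_size: int) -> float:
    """Entropy of word_count words each drawn uniformly from dictionary_size words."""
    return word_count * math.log2(dictionary_size)


def words_needed(required_bits: float, dictionary_size: int) -> int:
    """Fewest uniformly chosen words from the dictionary that reach required_bits."""
    return math.ceil(required_bits / math.log2(dictionary_size))


def assess_password(password: str) -> dict:
    """Entropy figure plus pass/fail against both thresholds. A blocklisted
    password is rated at zero bits however long or mixed it is, because the
    brute-force figure says nothing about dictionary attacks."""
    bits = 0.0 if password.lower() in COMMON_PASSWORDS else brute_force_bits(password)
    return {
        "bits": round(bits, 1),
        "meets_forum": bits >= FORUM_MIN_BITS,
        "meets_email": bits >= EMAIL_PREFERRED_BITS,
    }


def random_recovery_answer(length: int = 32) -> str:
    """An unguessable 'secret question' answer from the OS CSPRNG. Keep it in
    the password manager, or discard it to leave the recovery path unusable."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for pw in ("abcdefgh", "Password1", "Tr0ub4dor&3"):
        print(pw, assess_password(pw))
    print("4 Diceware-style words:", round(passphrase_bits(4, 7776), 1), "bits")
    print("words needed for 60 bits:", words_needed(60, 7776))
    print("recovery answer:", random_recovery_answer())
```

Two things the numbers show: eight random lowercase letters only just clear 36 bits, while "Password1" scores over 50 bits by the naive formula and still fails because it is on the blocklist; and a four-word passphrase from a 7776-word list gives about 52 bits, so the 60-bit e-mail target needs five words.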