...

| PARAMETER | VALUE |
| --- | --- |
| Minimum length | 8 |
| Maximum length | 64 |
| Re-use cycle | Cannot be the same as any of the previous 32 passwords |
| Characters Required | At least one upper-case letter; at least one lower-case letter; at least one symbol; at least one number |
| Password similarity | New password cannot share more than three characters in the same position as the old password |
| Change Frequency | No forced expiry / at least every X days |
| Account lockout | On five incorrect logon attempts |
| Account lockout action | Account must be re-enabled by [IT Service Desk] |
| Other controls | Password cannot contain the username; password must not be on a list of common passwords e.g. Password1 |
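
The rules in the table above, expressed as a check run at password-change time. This is an added example, not part of the original policy or of any Salesforce or Bitwarden code; the deny-list entries, the PBKDF2 work factor and the (salt, digest) history format are assumptions.

```python
import hashlib
import hmac
import string

# Limits copied from the policy table; everything else is an assumption.
MIN_LEN, MAX_LEN, HISTORY_DEPTH, MAX_SAME_POSITION = 8, 64, 32, 3
COMMON_PASSWORDS = {"password1", "welcome1!", "qwerty123!"}  # constructed sample list
PBKDF2_ROUNDS = 100_000  # assumed work factor, not stated in the policy


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def reused(password: str, history: list[tuple[bytes, bytes]]) -> bool:
    """history holds (salt, digest) pairs, newest last (hypothetical storage format)."""
    return any(hmac.compare_digest(hash_password(password, salt), digest)
               for salt, digest in history[-HISTORY_DEPTH:])


def same_position_matches(new: str, old: str) -> int:
    """Count the indexes at which both passwords hold the same character."""
    return sum(a == b for a, b in zip(new, old))


def policy_violations(new: str, old: str, username: str,
                      history: list[tuple[bytes, bytes]]) -> list[str]:
    """Return every rule from the table that the candidate password breaks.

    `old` is the current password the user typed to authorise the change;
    the positional comparison cannot be done against stored hashes.
    """
    checks = [
        (len(new) < MIN_LEN, "shorter than 8 characters"),
        (len(new) > MAX_LEN, "longer than 64 characters"),
        (not any(c.isupper() for c in new), "no upper-case letter"),
        (not any(c.islower() for c in new), "no lower-case letter"),
        (not any(c.isdigit() for c in new), "no number"),
        (not any(c in string.punctuation for c in new), "no symbol"),
        (bool(username) and username.lower() in new.lower(), "contains the username"),
        (new.lower() in COMMON_PASSWORDS, "on the common-password list"),
        (same_position_matches(new, old) > MAX_SAME_POSITION,
         "more than three characters match the old password by position"),
        (reused(new, history), "matches one of the previous 32 passwords"),
    ]
    return [message for failed, message in checks if failed]
```

The similarity rule is the only one that needs the old password in clear text, so it can only be enforced in the same request in which the user supplies it.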

We categorise passwords into Collections within Bitwarden, as shown below. All Vertic employees and direct contacts (external parties involved in the development process).

...

Each employee and direct contact will have their own login to this platform and will have access only to the passwords relevant to their work requirements. At regular intervals, passwords will be renewed in accordance with Salesforce’s user password policies. The following people will have administration access to our selected password management platform:

  • Jan Tenenberg

  • Stephen Kent

  • Matt Romeo

  • David Fisher (Bitwarden Administrator)

Info

All other resources are registered as users only with limited access rights. Further information on our access policies can be found here.

Ongoing Password Management Process

To minimise the risk of password exposure, Salesforce enforces a password expiry every 30 days. Each employee is required to change their credentials to a new and unique password; Salesforce tracks the history of the past 3 passwords used by the user.

...

Using Bitwarden, employees generate a unique 14-digit password that they use to log in to Salesforce. Each employee can also see whether their existing password has been exposed in any data breaches and, if so, is immediately required to change their Salesforce login credentials.

...