Vertic manages a range of passwords which require complex generation, secure storage and controlled access. Our chosen digital platform for managing passwords is BitWarden (http://www.bitwarden.com ) which allows for the secure sharing of passwords across teams.
Passwords must be generated using BitWarden and adhere to the following structure:
PARAMETER | VALUE |
Minimum length | 8 |
Maximum length | 64 |
Re-use cycle | Cannot be the same as any of the previous 32 passwords |
Characters Required | At least one upper-case letter At least one lower-case letter At least one symbol At least one number |
Password similarity | New password cannot share more than three characters in the same position as the old password |
Change Frequency | No forced expiry / at least every X days |
Account lockout | On five incorrect logon attempts |
Account lockout action | Account must be re-enabled by [IT Service Desk] |
Other controls | Password cannot contain the username Password must not be on a list of common passwords e.g. Password1 |
Each employee and direct contact will have their own login to this platform and will have access only the passwords relevant to their work requirements. At regular intervals, passwords will be renewed in accordance with Salesforce’s user password policies. The following people will have administration access to our selected password management platform:
Jan Tenenberg
Stephen Kent
Matt Romeo
David Fisher (Bitwarden Administrator)
All other resources are registered as users only with limited access rights. Further information on our access policies can be found here.
Ongoing Password Management Process
30 Day Expiry
How to change passwords and apply to Salesforce