Keep in mind that the passwords we choose contribute to the security of our Sourcegraph managed systems and data. In addition to being users, many of us are also administrators so it is especially important to be thoughtful when selecting a password.

Below is guidance for setting passwords to Sourcegraph managed accounts, these are strongly recommended and will be enforced at the organizational level wherever possible.

Do:

• Make passwords complicated enough to need the use of a password manager (we use 1Password)
• Make passwords randomly generated through the use of a password manager (we use 1Password)
• Create a new password for every system - the primary goal is password diversity
• Make passwords hard to guess, even by those who know a lot about you
• Use a mix of numbers, letters (upper and lower case), and special characters
• Create a password that is ideally 15 characters or longer
• When creating your own, we recommend using a passphrase or sentence so it’s easier to remember and meet the above requirements!
  • Example: HungryAnteaterAte1400Ants!
• Keep passwords secret and don’t share them

Do not:

• Use the browser based auto-fill, the 1Password browser extension should be used
• Use a password that is the same or similar to one you use on any other websites
• Use a single word, for example, password, or a commonly used phrase like Iloveyou or a string of numbers/letters, such as abc123
• Use identifiable information about yourself, such as the names and birthdays of your friends and family, your favorite bands, or phrases you tend to use
• Mix personal and work-related passwords
• Reuse historical passwords