Password requirements

Keep in mind that the passwords we choose contribute to the security of our Sourcegraph-managed systems and data. In addition to being users, many of us are also administrators so it is especially important to be thoughtful when selecting a password.

Below is guidance for setting passwords to Sourcegraph-managed accounts, these are strongly recommended and will be enforced at the organizational level when available.

Do:

• Make passwords complicated enough to need the use of a password manager (we use 1Password)
• Make passwords randomly generated through the use of a password manager (we use 1Password)
• Create a new password for every system - the primary goal is password diversity
• Make passwords hard to guess, even by those who know a lot about you
• Use a mix of numbers, letters (upper and lower case), and special characters
• Create a password that is ideally 15 characters or longer
• When creating your own, we recommend using a passphrase or sentence so it’s easier to remember and meet the above requirements! Example: HungryAnteaterAte1400Ants!

Do not:

• Use the browser based auto-fill, the 1Password browser extension should be used
• Use a password that is the same or similar to one you use on any other websites
• Use a single word, for example, password, or a commonly-used phrase like Iloveyou or a string of numbers/letters, such as abc123
• Use identifiable information about yourself, such as the names and birthdays of your friends and family, your favorite bands, or phrases you tend to use
• Mix personal and work-related passwords