Last week brought news that not one but two vital internet services experienced bugs that exposed user passwords. On May 1, code repository site, Github announced that “a small number of user passwords” were exposed, and then two days later, Twitter suffered a similar error that caused the company to recommend everyone change their password.
In both cases, passwords were exposed, unencrypted on an internal logging site. Neither company reported any malfeasance as a result of the exposure, but it makes for a great time to remind you:
- No one at Onehub has access to your password.
- Everything we do at Onehub is encrypted from end-to-end.
- Should you want, we offer Onehub account admins the ability to enforce complex passwords, require password changes, and to enforce two-factor authentication.
As a rule, Onehub requires a user’s password to be at least 10 characters long. When complex passwords are turned on, every user on their account must include special characters or numbers. Admins can also set expiration dates for passwords, requiring users to change them after a certain period of time (e.g. 90 days).
While we’re on the subject of passwords, we recommend using a password manager such as 1Password or LastPass. These tools automatically generate and store lengthy, complicated passwords for you, and make updating passwords easy.
Finally, we also recommend that if you are an admin that you enforce two-factor authentication across your account. This will require that in addition to their password, a user must enter a special code from a validated device in order to access their account.
Protecting your data is our top priority. If you have any questions about passwords or password management, feel free to drop us a line at firstname.lastname@example.org.