Harvard University Information Security | HARVARD.EDU

Protect Passwords

U2: All passwords and other access credentials must be protected. They must never be stored in plaintext and must not be stored directly in scripts or configuration files.

See also: Level 2, Level 3, Level 4, 2, Users

How to Comply

Use a password vault

Use a password vault such as Cyber Ark for access to encryption key.

Treat passwords like HRCI

If you must write your password down, treat and protect it like Level 4/High Risk Confidential Information.

Review all Data Classification levels.

Use a password management application

Use a password management application like 1Password, LastPass, KeePass or iCloud Keychain that generates, stores and protects long, random, unique passwords

Information Security Policy

Harvard University

Protect Passwords

How to Comply

Use a password vault

Treat passwords like HRCI

Use a password management application

a5521c6de467d1f1f57b952884f5e43e