author | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-16 13:42:19 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2024-01-16 13:42:19 +0300 |
commit | 84d1bd786125c1c14a3ba5f63e38a4cc736a9027 (patch) | |
tree | f550fa965f507077e20dbb6d61a8269a99ef7107 /doc/security/hardening_general_concepts.md | |
parent | 3a105e36e689f7b75482236712f1a47fd5a76814 (diff) |
Add latest changes from gitlab-org/gitlab@16-8-stable-ee v16.8.0-rc42
Diffstat (limited to 'doc/security/hardening_general_concepts.md')
-rw-r--r-- | doc/security/hardening_general_concepts.md | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/doc/security/hardening_general_concepts.md b/doc/security/hardening_general_concepts.md index 0ba8822dc5f..cb0dcb4eba7 100644 --- a/doc/security/hardening_general_concepts.md +++ b/doc/security/hardening_general_concepts.md @@ -19,10 +19,9 @@ just one. A quick example is account security: - Use a long, complex, and unique password for the account. - Implement a second factor to the authentication process for added security. - Use a hardware token as a second factor. -- Lock out an account (for at least a fixed amount of time) for failed authentication -attempts. +- Lock out an account (for at least a fixed amount of time) for failed authentication attempts. - An account that is unused for a specific time frame should be disabled, enforce this -with either automation or regular audits. + with either automation or regular audits. Instead of using only one or two items on the list, use as many as possible. This philosophy can apply to other areas besides account security - it should be applied to |
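Review bot: The two fixes in this hunk treat wrapped list items differently. The lockout item is joined onto one line, while the unused-account item keeps its wrap and only gains an indented continuation line ("  with either automation or regular audits."). Pick one approach for both; joining matches the other single-line items in the list. The unused-account item is also a comma splice and the only entry not phrased as an imperative, so since the line is being touched anyway, consider rewording it along the lines of "Disable an account that is unused for a specific time frame. Enforce this with either automation or regular audits."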