Revisit account access and management policies

[dcwalk]

From @dcwalk on September 26, 2018 21:24

We should develop/revisit our Our Networks accounts and the access/management policies we have around that (e.g., we are on a few services platforms and generally share passwords.

Should ensure that it reflects our needs/capacity going forward to 2019. Also whether they need to be updated for people

Services:

• single acct:
  • BPT
  • Paypal
  • Twitter
  • Mailing list (?) - Mayfirst
• group/individual accts:
  • Bank
  • Namecheap
  • Digital Ocean
  • Twitter
  • Youtube
  • GH Org

Unused:

• Stripe
• Dtube (Hank?)

Copied from original issue: ournetworks/2018#131

Some TODOs for 2019 closeout:

• set up new accts for everyone on mayfirst
• review and update service inventory in orga: https://github.com/ournetworks/orga/blob/master/services-inventory.md
• rotate some central acct passwords

[dcwalk]

From @benhylau on September 26, 2018 23:21

I still hold creds to the bank, Paypal, and BPT. Let me know if there are other ones I shall keep.

[dcwalk]

Yeah, I'm in similar boat. I was thinking a list+ensure we've spread access appropriately!

[dcwalk]

From @Shrinks99 on October 2, 2018 22:7

I will let you know what happens with DTube once they send me account login information. Alternatively I can claim the name for a whole one dollar in the mean time and get it instantly so I can give you credentials.

Nothing is tied to my email once the account is created, they are just using it to give me a private key. Crypto and all that jazz.

[benhylau]

Should we just commit a KeePassX repo with all passwords to a repository and we all just individually remember that one password? Of course there is no forward secrecy in this quick solution.