Add more security checks to the Onboarding checklist
From the Security 101 talk, here are a few I think should be added to the security checklist:
One of either:
- Disconnect your personal email from your GitLab.com account, if you had created an account before being hired.
- Make sure your personal email uses 2-factor authentication if you have it connected to your GitLab.com account.
One of either:
- Never back up your company laptop.
- Make 100% sure that your backup is encrypted. If you don't know, just assume it isn't.
And these:
- Change your password on GitLab.com to use 1Password if you had an account before joining the company.
- If you created any accounts while onboarding before being added to 1Password, reset your passwords for them to use 1Password.
- If you authenticate your GitLab.com account with Google, GitHub, etc. you should either disconnect them or make sure they use two-factor authentication.
- Take a picture (not a screenshot) of the computer screen verifying your disk is encrypted.
- Enable two-factor authentication on your GitLab.com account.
- Make sure your notifications for GitLab.com aren't sent to a personal email. Send them to your @gitlab.com email.
- If you can think of anything that you think should be added to this list, suggest it. There are no dumb questions.
cc: @ernstvn @kirstenabma