
Best Practices

We take security very seriously, and we want to ensure that all members of our team are aware of the best practices for keeping our systems secure. In this post, we'll cover some of the key practices we use to manage passwords and sensitive information.

Manage passwords with Keeper

At Figuro, we use Keeper to manage our passwords and other sensitive information. Keeper is a secure password manager that allows us to store passwords, login credentials, and other sensitive data in an encrypted format. This ensures that even if our devices are compromised, our passwords and other sensitive data remain secure.

Use long and random passwords

We encourage all members of our team to use long and random passwords for all accounts, and to use different passwords for each account. This makes it much more difficult for attackers to guess or crack our passwords, and helps keep our systems secure.

Be careful with env vars in commits

When working on code, it's important to keep sensitive data out of your commits. This includes things like passwords, secrets, and API keys. Instead, we use environment variables to store this information, and make sure that these variables are not included in our code commits.

Access credentials for customer data should be passed as environment variables in .env or docker-compose.yml files, or through a platform-specific feature (e.g. env vars in Vercel). These should never be deployed or committed to repositories, and should always be ignored in .gitignore and .dockerignore files.
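
One way to check the rule above before a commit, as an added example that is not Figuro's own tooling: it verifies that both ignore files cover .env, flags staged env files, and flags hard-coded secret-like assignments without echoing the value. The function names, the keyword list and the simplified ignore-pattern matching are assumptions, and the sample input is constructed.

```python
import fnmatch
import re

# Assumption: env files are named ".env" or ".env.<suffix>" (e.g. .env.local).
ENV_FILE = re.compile(r"(^|/)\.env(\.[^/]+)?$")
# Heuristic (assumption): a name containing one of these words, assigned a
# literal of 8+ characters. "${VAR}" references and calls are not flagged.
SECRET_LINE = re.compile(
    r"\b\w*(password|secret|api_?key|token)\w*\s*[:=]\s*[\"']?"
    r"[^\s\"'$.(\[{]{8,}(?=[\"'\s]|$)", re.I)

def covers_env(ignore_text, name=".env"):
    """True if the ignore file's rules leave `name` ignored (simplified match)."""
    ignored = False
    for line in ignore_text.splitlines():
        rule = line.strip()
        if not rule or rule.startswith("#"):
            continue
        pattern = re.sub(r"^(\*\*/|/)+", "", rule.lstrip("!"))
        if fnmatch.fnmatchcase(name, pattern):
            ignored = not rule.startswith("!")  # last matching rule wins
    return ignored

def audit(gitignore, dockerignore, staged):
    """staged maps path -> file text. Findings never echo the secret value."""
    findings = []
    for fname, text in ((".gitignore", gitignore), (".dockerignore", dockerignore)):
        if not covers_env(text):
            findings.append(f"{fname}: no rule ignores .env")
    for path, text in staged.items():
        if ENV_FILE.search(path):
            findings.append(f"{path}: env file staged for commit")
            continue  # the file itself is the problem; skip the line scan
        for n, line in enumerate(text.splitlines(), 1):
            if SECRET_LINE.search(line):
                findings.append(f"{path}:{n}: hard-coded secret-like value")
    return findings

# Constructed sample input, not taken from any real repository.
SAMPLE_GITIGNORE = "node_modules/\n.env\n"
SAMPLE_DOCKERIGNORE = "node_modules/\n.git\n"
SAMPLE_STAGED = {
    "docker-compose.yml": "services:\n  api:\n    environment:\n"
                          "      DB_PASSWORD: ${DB_PASSWORD}\n",
    "src/client.py": 'API_KEY = "constructed-key-0000"\n',
    "deploy/.env.production": "DB_PASSWORD=constructed-pw-0000\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_GITIGNORE, SAMPLE_DOCKERIGNORE, SAMPLE_STAGED):
        print(finding)
```

The docker-compose.yml entry passes because it only references `${DB_PASSWORD}` rather than containing the value.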

Never Share Information in Unofficial Channels

It's important to never share sensitive information, including passwords and login credentials, in unofficial channels. This includes email, chat platforms, and social media. Instead, we use official communication channels to share information, and we make sure that only authorized individuals have access to sensitive information.

By following these security guidelines, we can help ensure that our systems remain secure and that our sensitive data is protected. If you have any questions about these guidelines or need further guidance on security best practices, please reach out to our security team.