We are evaluating several security-related enhancements to the product to strengthen both API access and user access. We need to implement a legacy mode for API access in order to continue to support legacy REST integrations.
Below are 3 best practices:
1. Apply a "two-factor" method to logins
2. Where IDs and passwords are manually assigned, on first sign-in, users need to be required to change their passwords
3. REST/API accounts are completely separate from the application and require public/private key pairs for access. REST/API accounts should never be able to obtain application access.
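
Practice 3 sketched in Go, as an added example that is not part of the original post or the product's code. The `Account`, `Directory`, `AuthenticateAPI` and `OpenAppSession` names, the account IDs and the request string are assumptions, and Ed25519 stands in for whichever key-pair scheme the product would adopt.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
)

// Account is a hypothetical record: an API account holds only a public key.
type Account struct {
	API    bool
	PubKey ed25519.PublicKey
}
type Directory map[string]Account // hypothetical account store

var ErrDenied = errors.New("account not permitted on this entry point")
var ErrBadSig = errors.New("signature verification failed")

// AuthenticateAPI admits only API accounts that signed the request bytes.
func (d Directory) AuthenticateAPI(id string, req, sig []byte) error {
	a, ok := d[id]
	if !ok || !a.API || len(a.PubKey) != ed25519.PublicKeySize {
		return ErrDenied
	}
	if !ed25519.Verify(a.PubKey, req, sig) {
		return ErrBadSig
	}
	return nil
}

// OpenAppSession is the interactive path. API accounts are refused before
// any credential check, so an API key can never yield application access.
func (d Directory) OpenAppSession(id string) error {
	if a, ok := d[id]; !ok || a.API {
		return ErrDenied
	}
	return nil // password and second-factor checks would follow here
}

// Demo runs four cases against a constructed directory and request.
func Demo() (apiOK, apiAsApp, userAsAPI, tampered error) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	d := Directory{"svc-ci": {true, pub}, "alice": {false, nil}}
	req := []byte("GET /api/v1/items ts=1700000000") // constructed request
	sig := ed25519.Sign(priv, req)
	return d.AuthenticateAPI("svc-ci", req, sig), d.OpenAppSession("svc-ci"),
		d.AuthenticateAPI("alice", req, sig), d.AuthenticateAPI("svc-ci", []byte("x"), sig)
}
func main() { fmt.Println(Demo()) }
```

The signed bytes should also carry a timestamp or nonce that the server checks, so a captured request cannot be replayed.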