Password Policy

As much as possible, the various systems used by Linaro integrate either with Linaro Login (LDAP) or Google for authentication. Google synchronizes from Linaro Login, where the password policy is as follows:

  • Minimum password length: 8 characters

  • Password must not contain user name

  • Password must not contain part of first or last name

In addition, when you change your password on Linaro Login, it is checked against a database of known hacked passwords.

Where a Linaro service does not use Linaro Login or Google for authentication, please refer to that service for its own password rules.

The UK National Cyber Security Centre’s recommendation for new passwords is to use three random words.

Do not share your password with anyone.

Do not re-used your password across multiple websites. Either use a password manager like Enpass or adapt your password for each website by (for example) adding something to the password to make it unique for that site.

Multi-factor authentication

Also known as two-factor authentication, this provides an extra step of protection in case your password is guessed.

There are several different ways of providing that second factor. These include, but are not limited to:

  • Biometrics on your device, e.g. facial recognition, fingerprint.

  • Physical device you need to touch, e.g. Yubikey.

  • Time-based code generated by an app, e.g. Google Authenticator, Microsoft Authenticator, Authy, Enpass.

  • SMS (text message).

SMS is by far the weakest of these options and should only be used when none of the other options are supported.

Google

Instructions for setting up multi-factor authentication on your Linaro Google account can be found here.

Linaro SSO

Two-factor authentication on Linaro SSO is currently optional. Instructions on how to add two-factor authentication to your account on Linaro SSO can be found here.

Passkeys

Passkeys are a new method for authentication that does not use passwords at all. You can read Google’s information about passkeys here.

Where possible, you should use passkeys in preference to all other options. Not everything supports passkeys today but, gradually, support is increasing and this mechanism is much more secure than all of the above options.