Description

Wolkvox implements robust technical controls for password management, aligned with security best practices. These controls include a minimum length of 10 characters, alphanumeric complexity rules, mandatory change on first use, periodic rotation, and preventing the reuse of previous passwords. These measures are designed to protect system access and ensure that only authorized users can interact with environments, following the principle of least privilege. Wolkvox’s security policy ensures that access is protected at all levels, from development to production environments.

Features

Password Requirements

• Minimum Length: 10 characters, to ensure robustness against brute-force attacks.
• Alphanumeric Complexity: Passwords must include a combination of uppercase and lowercase letters, numbers, and special characters.
• Forced Change on First Use: Users must change their temporary password to a permanent one on their first login.
• Periodic Rotation: Passwords must be updated every 90 days (or according to the customer’s specific policy), reducing the risk of unauthorized access.

Preventing Reuse

• Password History: The system prevents users from reusing previous passwords, ensuring that each new password is unique.
• Blocking Weak Passwords: The use of common or easily guessable passwords (e.g., "123456" or "password") is prohibited.

Integration with Google Cloud Platform (GCP)

• Separate Environments: Wolkvox uses GCP infrastructure to maintain isolated environments (development, testing, and production), ensuring that access and permissions are specific to each environment.
• Principle of Least Privilege: Only authorized users have access to the environments they need to perform their roles, limiting exposure to risks.
• Authentication and Authorization: Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA) are implemented to protect critical environments.