Password policy: add YubiKey guidance for prod access

2026-04-14 09:30:00 +00:00 · 2026-04-14 09:30:00 +00:00 · 6c35b9ece3
commit 6c35b9ece3
parent 9bb02441f2
1 changed files with 5 additions and 0 deletions
--- a/policies/password-policy.md
+++ b/policies/password-policy.md
@ -19,3 +19,8 @@ Personal vaults must not store Nexus credentials.

 Non-compliance results in account lockout after 5 failed attempts.
 Locked accounts require IT helpdesk intervention.
+
+## Hardware tokens
+
+For production system access, hardware security keys (YubiKey 5) are preferred over TOTP.
+Contact IT to request a YubiKey. Replacement: maximum once per 2 years.