General principles¶
Updated May 26, 2025
There are many procedures and systems in place to ensure the data stored on this computer is safe and that it is free from viruses, malwares and intrusions. We need your help to make sure this remains so…
Do not share your passwords¶
Do not share your passwords with anyone within or outside the company, ever, and through any means of communication. The IT Manager and the people who should require them already have a way to find this information. See Passwords for more details.
Password complexity¶
The passwords are long and complex for specific reasons, mainly to follow standards required by our major partners. You cannot change them on your own. If you wish to change them, please contact IT.
Professional email address¶
Use your @mobilitydata.org email exclusively for all professional communications.
Loss or theft of equipment¶
Do not install your work accounts on personal equipments¶
See Policies > Do not install your work accounts on personal equipments
Do not install personal services or applications on your work equipment¶
See Policies > Do not install your work accounts on personal equipments
New service subscription¶
Passkeys¶
Passkeys are the preffered method of authentification
Use passkeys(1) whenever possible. They offer a more secure way of authenticating than 2FA/MFA or even Single Sign-on (SSO). Not all services or websites offer Passkeys, see https://passkeys.directory/ for a list of websites and companies currently supporting Passkeys.
-
Passkeys are a new, safer way to sign in to apps and websites without using passwords. Instead of typing a password, you use your device (like your phone or computer) to confirm it’s really you — with a fingerprint, face scan, or PIN. Passkeys are harder to steal and protect you better from phishing and hacking.
See Glossary > Passkeys.
1Password offers native management of Passkeys, making it easy to share one when inside a Shared Vault. See Sign in faster and more securely with passkeys.
See Security > Zero Trust Security Model > Implement access management and identity verification
SSO (Single Sign-On)¶
SSO logins
Whenever possible, use your Google or GitHub account to login for services online as it is very secure and 2FA/MFA is not required. It is also known as SSO (single sign-on).
There will usually be icons that look like these:
SSO (Single Sign-On) is an authentication method that allows users to access multiple applications with one set of login credentials. In a zero-trust policy, SSO enhances security and user experience by centralizing authentication through a trusted identity provider. It supports continuous verification and monitoring, reduces password fatigue, and limits the attack surface by minimizing credential use across systems — aligning with the zero-trust principle of “never trust, always verify.”
Two-factor / Multi-factor authentification¶
If two-factor authentication (2FA), sometimes called multi-factor authentication (MFA), is available on an online service that you are using, it is recommended to enable it.
See Security > Zero Trust Security Model > Implement access management and identity verification
One-time password in 1Password
1Password has a tool built-in for this. Follow the instructions on this page.
Suspicious activity¶
If you are unsure if doing something online is safe or not, or if you receive an email or file from someone you do not know or find suspicious, please contact the IT Manager so we can verify its validity.
Malware and virus protection¶
There is a powerful anti-virus and anti-malware software installed on your computer and therefore it is generally relatively safe to navigate online (nothing is ever 100%, even in Cybersecurity).
Working remotely¶
If you need to work outside your home network, whenever possible, use your personal smartphone by sharing its cellular connection (often called Personal Hotspot or Mobile Hotspot). Here are the instructions for most platforms:
You are responsible for your work equipment¶
Lastly, it should go without saying but please do not leave your computer unattended in a public space, or in the presence of people who are not part of the organization, within reason. Closing the lid of your laptop is all you need to secure it.