Standard Change - Purchase a ProgCode Password Management Account #264

Open
4 of 7 tasks
stephenscapelliti opened this issue Oct 22, 2021 · 4 comments

Comments

@stephenscapelliti
Member

stephenscapelliti commented Oct 22, 2021

Description

This is a proposal to purchase a password management account for access and use by ProgCode Operations Staff and other community members in fulfillment of the ProgCode mission.

The password management account under consideration is a 1Password Teams membership account which is being offered to ProgCode with a 50% discount of the annual subscription price for life.

Problem

The ProgCode community relies on many services through accounts maintained by providers, all of which are accessed through logins and passwords. In the earliest days of our community, volunteers created these accounts and volunteered to be responsible for maintaining them for community access. As the community grew, this arrangement posed a potential security risk and risk of lost access, when login information was lost or persons holding the accounts were unavailable.

Benefit

A 1Password Teams account would decentralize control of accounts necessary for ProgCode community operations and enable account access to staff and other community members on an as-needed basis. The 1Password Teams account would secure and preserve the accounts for the benefit of present and future community members.

Expenditure Analysis

This proposed solution would require a minor monthly expenditure ($19.95/month x 50% = $9.98/month).

The requirements of Issues #198 and #236 are applicable, as follows:

Proposals seeking consent for implementation of budget requests and/or change process should not contradict ProgCode core objective and should pass this four-pronged test when considered by operations:

  1. Is this proposal non-partisan in nature? Yes
  2. Is this proposal aligned with ProgCode's mission of removing the influence of big money in politics? Yes
  3. Does this proposal seek to empower the grassroots by supporting the creation of open source tech? Yes
  4. Is this proposal sponsored or funded by an outside organization? If yes, the source of the funding must be disclosed. No

Plan

  • Community discussion of all elements of this proposal at the 10.25.2021 Community Operations Meeting.
  • Vote for consent to implement the standard change to purchase a month-to-month 1Password Teams account for access by ProgCode Staff and community members assisting the staff, on a need-for-access basis.
  • If the vote for consent to implement passes, purchase a month-to-month 1Password Teams account for the ProgCode Administration account in whatever capacity is approved in a community operations meeting.
  • Notify the community of the vote taken by posting a #team-announcement and sharing the video URL in #operations immediately following the 10.25.2021 Community Operations Meeting to allow additional votes & feedback during the standard 72-hour waiting period before ratifying the vote.
  • Initiate discussions to create and adopt protocols for the use of and access to the 1Password Teams account. The protocols should include, without limitation, the following purposes:
  • Maintain access to ProgCode resources by the community:
    • To prevent community member departures from causing a loss of access to ProgCode accounts by the greater ProgCode community
    • To facilitate delegation of access to two-factor-protected accounts that are becoming the norm
  • Secure ProgCode resources:
    • To discontinue the practice of sharing credentials over insecure channels
    • To make credential rotation easier in the event of account compromise
  • Identify the general purposes for which access to each account is needed, the related criteria for determining need, and the relevant period for which access is required.
  • Operations Staff and other community members will create a standard process for use, maintenance, and security of the ProgCode 1Password Teams account.
  • Keep this issue open for possible amendment at a later date, for continuing the account, increasing capacity at a later date, or cancelling the account.

Decision Making

Consent to implement a standard change per the Change Process

Optional Information

Reference link(s)

Community Discussion History:

@noahsbwilliams
Member

This gets a vote of confidence from a resident security advisor!

Passwords should 💯 be generated by and stored in a secure, purpose-built tool. 1Password is a proven, well-audited choice for this task.

@stephenscapelliti stephenscapelliti changed the title DRAFT Standard Change - Purchase a ProgCode Password Management Account Standard Change - Purchase a ProgCode Password Management Account Oct 24, 2021
@Sema-Hernandez
Member

I am voting YES on this proposal.

@jpb5013
Contributor

jpb5013 commented Oct 25, 2021 via email

@jake3030

👍


8 participants