Documentation Index

Fetch the complete documentation index at: https://supporthub.usheru.com/llms.txt

Use this file to discover all available pages before exploring further.

Security Policy

Prev Next

# Security Policy for team members

This article explains the basic security practices every team member should follow when logging in to tools, creating passwords, storing credentials, and sharing confidential information.

Following these practices helps protect usheru systems, customer data, partner information, and internal company documents.

Use Google login whenever available

When a tool offers Sign in with Google, use that option instead of creating a separate username and password.

Using Google login is preferred because:

  • It reduces the number of passwords you need to create and manage.
  • Access can be managed centrally through company Google accounts.
  • Security settings such as two-step verification can be applied consistently.
  • Access can be removed more reliably when someone changes role or leaves the company.

Only create a separate password for a tool when Google login is not available or when a specific system requires it.

Create strong passwords when a password is required

When you do need to create a password, make sure it is strong, unique, and stored securely.

A good password should:

  • Be unique for that specific tool or account.
  • Be long, ideally 16 characters or more.
  • Avoid personal information such as names, birthdays, company names, or common words.
  • Avoid small variations of previous passwords.
  • Not be reused across different tools.

Never reuse your Google password, email password, or any other important account password for third-party tools.

Use KeePass to store passwords

Team members should use KeePass as their password manager for work-related passwords when a separate password is required.

KeePass helps you generate and store strong passwords securely, so passwords do not need to be saved in notes, spreadsheets, documents, Slack messages, emails, screenshots, or browser tabs.

To get started with KeePass:

  1. Go to the official KeePass website: https://keepass.info.
  2. Download the appropriate KeePass version for your device.
  3. Install KeePass following the instructions for your operating system.
  4. Create a new password database for work credentials.
  5. Protect the database with a strong master password that you do not use anywhere else.
  6. Store the KeePass database file somewhere secure and backed up according to your team’s process.

When using KeePass:

  • Use the password generator to create strong, unique passwords.
  • Save the account name, login URL, username, and password for each tool.
  • Do not reuse passwords across different services.
  • Do not share your KeePass master password with anyone.
  • Lock KeePass when you are not actively using it.
  • Keep KeePass updated so you have the latest security fixes.

Do not store work passwords in plain text files, browser-based password manager tools, personal note-taking apps, spreadsheets, screenshots, or shared documents.

Do not share passwords through email or chat

Passwords and confidential information should not be shared through:

  • Email
  • Slack or other chat tools
  • Google Docs or Sheets
  • Screenshots
  • Plain text files
  • Calendar invitations
  • Project management comments

Even if the message is sent privately, these tools are not intended for sharing secrets. Messages can be forwarded, searched, synced, exported, or retained longer than expected.

Share passwords and confidential data using secret.usheru.com

When you need to share a password, API key, token, or other confidential information with another team member, use:

https://secret.usheru.com

Use this for sharing information such as:

  • Passwords
  • API keys
  • Access tokens
  • Recovery codes
  • Private credentials
  • Sensitive customer or partner information
  • Any information that should not remain visible in chat, email, or documents

When sharing a secret:

  1. Go to https://secret.usheru.com.
  2. Add the confidential information.
  3. Generate the secure secret link.
  4. Send the link to the intended recipient only.
  5. Do not also paste the secret itself into the message.

Only share secrets with people who genuinely need access.

Protect your Google account

Your Google account is one of your most important work accounts because it may provide access to email, documents, calendars, and other tools.

To protect it:

  • Use a strong password that is not reused anywhere else.
  • Keep two-step verification enabled.
  • Do not approve login prompts you did not request.
  • Review suspicious login alerts immediately.
  • Do not share your Google account credentials with anyone.
  • Lock your device when stepping away from your desk.

If you believe your Google account may have been compromised, report it immediately.

Be careful with confidential company and customer information

Treat the following as confidential unless told otherwise:

  • Customer data
  • Partner data
  • Commercial agreements
  • Pricing information
  • API keys and credentials
  • Internal reports
  • Product roadmaps
  • Financial information
  • Personal data
  • Security-related information

Before sharing confidential information, check:

  • Does this person need this information to do their job?
  • Is this the right channel to share it?
  • Should this be shared as a secret instead?
  • Could this expose customer, partner, or company data?

When in doubt, ask before sharing.

Keep devices secure

Any device used for work should be kept secure.

Team members should:

  • Use a password, PIN, fingerprint, or other screen lock.
  • Keep the operating system and browser up to date.
  • Install security updates promptly.
  • Avoid installing unknown or unnecessary software.
  • Lock the screen when away from the device.
  • Avoid using shared or public computers for work accounts.
  • Be careful when using public Wi-Fi.

Watch out for phishing

Phishing attempts may try to trick you into entering passwords, approving logins, downloading files, or sharing confidential information.

Be cautious with messages that:

  • Create urgency or pressure.
  • Ask you to log in through an unfamiliar link.
  • Ask for passwords, codes, payment details, or credentials.
  • Contain unexpected attachments.
  • Come from an address that looks similar but is not quite correct.
  • Ask you to bypass normal security processes.

Do not enter credentials through links you do not trust. Go directly to the official website instead.

Report security concerns

Report anything suspicious as soon as possible, including:

  • A password shared in the wrong place.
  • A lost or stolen device.
  • A suspicious login notification.
  • A phishing email or message.
  • Accidental sharing of confidential information.
  • Access to a tool or document that seems incorrect.
  • Any suspected account compromise.

It is better to report a concern early, even if it turns out not to be a problem.

Summary

Team members should follow these core practices:

  • Use Sign in with Google whenever available.
  • Use KeePass to generate and store passwords.
  • Create strong, unique passwords when passwords are required.
  • Never share passwords or confidential data through email, chat, documents, or screenshots.
  • Use secret.usheru.com to share passwords, API keys, tokens, and other sensitive information.
  • Keep your Google account and work devices secure.
  • Report suspicious activity or mistakes as soon as possible.