From 3acf53c77eef2dfebed2106391004e62d4211519 Mon Sep 17 00:00:00 2001
From: Rob Kelly <contact@robkel.ly>
Date: Tue, 30 Dec 2025 13:20:22 -0700
Subject: [PATCH] Added password manager details to best-practices document

---
 best_practices.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/best_practices.md b/best_practices.md
index 5b2385a..82b58c2 100644
--- a/best_practices.md
+++ b/best_practices.md
@@ -6,3 +6,15 @@ to protect ourselves as an organization from external threats.
 
 This document is maintained by the Infrastructure Committee. Any
 change to this document should be announced to the collective body.
+
+## Infrastructure Login Credentials & Authentication Information.
+
+The login credentials and other operating information (security
+questions, recovery passphrases, etc) for
+[core infrastructure](core_infrastructure.md), social media accounts,
+and other systems associated with the Collective should be stored in
+the Collective password manager vault tracked in the
+[infrastructure](intrusive/infrastructure) repository.
+
+Such information should not be stored or recorded in any form or place
+other than the Collective password manager vault.