4.14. Configuration and Policy Security

4.14.1. Authentication Policy

4.14.1.1. Password Policy

  • No minimum password length enforced

  • No required character classes enforced

  • Common passwords allowed

  • Personal information allowed in passwords
    • Phone number

    • Birthday

    • Name

    • Username

  • Common weak passwords not detected
    • Passwords that appear in leaked password lists

    • Keyboard-walk patterns
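The items above are the checks a server-side password policy should make at registration and password-change time. The following is an added example (not code from the original checklist) showing one way to implement them together: a minimum length, a minimum number of character classes, a lookup against a leaked-password list, detection of keyboard walks, and a check that the password does not contain the user's own name, username, phone number or birthday. The `LEAKED_PASSWORDS` set, the profile dictionary and the `YYYY-MM-DD` birthday format are constructed assumptions for this example; a real deployment would load a large breach corpus instead of the small inline set.

```python
"""Password policy checker covering the weaknesses listed in 4.14.1.1 (added example)."""
import re
from typing import Optional

MIN_LENGTH = 12        # assumed policy threshold
MIN_CHAR_CLASSES = 3   # of lower / upper / digit / symbol
KEYBOARD_RUN = 4       # adjacent keys that count as a keyboard walk

# Constructed stand-in for a breach corpus; a real deployment would load a
# large leaked-password list (or query a k-anonymity breach API) instead.
LEAKED_PASSWORDS = {"123456", "password", "qwerty", "letmein", "111111", "iloveyou"}

# Physical keyboard rows used to detect walks such as "qwer" or "7890".
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")


def char_classes(pw: str) -> int:
    """Count how many of lower / upper / digit / symbol appear in pw."""
    present = (
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    )
    return sum(present)


def has_keyboard_walk(pw: str, run: int = KEYBOARD_RUN) -> bool:
    """True if pw contains `run` adjacent keys from one row, forwards or backwards."""
    s = pw.lower()
    for row in KEYBOARD_ROWS:
        for i in range(len(row) - run + 1):
            seg = row[i:i + run]
            if seg in s or seg[::-1] in s:
                return True
    return False


def personal_tokens(personal: dict) -> set:
    """Derive the substrings a password must not contain from the user's profile.

    Expected keys (all optional): name, username, phone, birthday (YYYY-MM-DD).
    Short tokens (< 4 chars) are skipped to avoid rejecting almost everything.
    """
    tokens = set()
    for part in re.split(r"\W+", personal.get("name", "").lower()):
        if len(part) >= 4:
            tokens.add(part)
    username = personal.get("username", "").lower()
    if len(username) >= 4:
        tokens.add(username)
    phone = re.sub(r"\D", "", personal.get("phone", ""))
    if len(phone) >= 6:
        tokens.update({phone, phone[-6:]})          # full number and its tail
    bday = re.sub(r"\D", "", personal.get("birthday", ""))
    if len(bday) == 8:                                # YYYYMMDD
        tokens.update({bday, bday[2:], bday[4:], bday[:4]})  # YYMMDD, MMDD, YYYY
    return tokens


def check_password(pw: str, personal: Optional[dict] = None) -> list:
    """Return the names of every policy rule pw violates; an empty list means accepted."""
    failures = []
    if len(pw) < MIN_LENGTH:
        failures.append("min_length")
    if char_classes(pw) < MIN_CHAR_CLASSES:
        failures.append("char_classes")
    if pw.lower() in LEAKED_PASSWORDS:
        failures.append("leaked")
    if has_keyboard_walk(pw):
        failures.append("keyboard_walk")
    if personal:
        low = pw.lower()
        if any(tok in low for tok in personal_tokens(personal)):
            failures.append("personal_info")
    return failures


if __name__ == "__main__":
    # Constructed sample profile used to exercise the personal-information rule.
    profile = {"name": "Alice Zhang", "username": "azhang",
               "phone": "+1 555 867 5309", "birthday": "1990-05-21"}
    for candidate in ("123456", "Alice1990!xyz", "Qwerty!2024ab", "Tr0ub4dor&3xample!"):
        print(candidate, "->", check_password(candidate, profile) or "accepted")
```

Run the checks on the server, never only in the browser, and return all violated rules at once so the user can fix them in one attempt. The substring matching in `personal_tokens` is deliberately case-insensitive and strips separators, so "Alice", "alice" and a phone typed with spaces are all caught.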

4.14.1.2. Encryption Implementation

  • Private key stored on the client side

4.14.2. Permission configuration

  • Operations and maintenance staff privileges are too coarse-grained

  • Customer service staff privileges are too coarse-grained

4.14.3. Supply chain security

4.14.3.1. Third-party authentication

  • A compromised third-party service account used to log in to accounts on other platforms

4.14.3.2. Third Party Libraries/Software

  • Not updated promptly after a vulnerability is disclosed