Being a decentralized organization, our contributors are spread throughout the globe, and we heavily rely on various online platforms and tools to aggregate our coordination and communication. Because of this, some of our contributors may need to request access to TEC accounts on these platforms so as to efficiently perform some tasks that are necessary in our operations and will help us push our mission forward.
While our community is built on trust, it’s still best to establish security practices in our organization. Giving access to TEC accounts should therefore be done with extra caution.
In reference to the forum post regarding credentials management, we have come up with a simple process for requesting and giving access to TEC accounts:
- The contributor will reach out to any admin of the platform they want to be part of and discuss how they want to contribute.
- The contributor may request access to the platform by filling out this Typeform. This is our version of KYC or we can call it “Know Your Contributor”. Don’t worry, we won’t be asking for unnecessary personal information!
- The information from the Typeform will then be reviewed by the credentials managers (as of writing, they are Zeptimus, Chuy, and Ivy) and shared with the Community Stewards.
- The Community Stewards will vote in a poll whether the contributor will be given access or not.
- If none of the Stewards vote against it within 24hrs, the credentials managers will give the access corresponding to that Typeform. This process would have a delay of 48hrs more or less.
To manage the risk of sharing TEC account credentials, it has been decided through forum voting to use Dashlane until more decentralized technologies such as NuCypher or Fidelius are available. This way, only the credentials managers will hold the TEC passwords. Contributors will get access to TEC accounts without knowing the log-in details. Contributors are expected to follow the TEC Code of Conduct for Platform Admins.
The credentials managers will audit the list of contributors who have access to TEC accounts every 2 months. They may also reset the passwords after the audit to revoke the access of inactive contributors.
This process may evolve. If anyone has suggestions to improve it, please reply to this post or drop us a message in the Transparency channel on Discord. We appreciate your feedback!