Question AAAI-14
Are there any passwords/passphrases hard-coded into your systems or products?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
Provide a detailed description of passwords/passphrases hard-coded into your systems or products.
Reason for Question
The response to this question can reveal the use (or not) of coding best practices. If passwords/passphrases are hard-coded into systems/productions, the vendor should provide robust details supporting why this is required.
Follow-Up Inquiries
Vague responses to this question should be met with concern. Repeat the question if first answer insufficiently - ask pointedly to ensure the vendor is not misunderstood.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]