Guidelines
I. CODE OF CONDUCT
The following Code of Conduct is a derivative of the Ubuntu Code of Conduct by the Ubuntu Project (licensed under the CC BY-SA 3.0 licence) and is itself licensed under the CC BY-SA 3.0 licence.
We want a productive, happy and agile community that can welcome new ideas and foster collaboration between groups with very different needs, interests and skills.
We gain strength from diversity, and actively seek participation from those who enhance it. This Code of Conduct exists to ensure that diverse groups collaborate to mutual advantage and enjoyment. We will challenge prejudice that could jeopardise the participation of any person in our projects.
The Code of Conduct governs how we behave in public and in private. We expect it to be honoured by everyone who represents our projects officially or informally, claims affiliation with our projects, or participates in our community.
We strive to:
1. Be considerate
Our work will be used by other people, and we in turn will depend on the work of others. Any decision we take will affect users and colleagues, and we should consider them when making decisions.
2. Be respectful
Disagreement is no excuse for poor manners. We work together to resolve conflict, assume good intentions and do our best to act in an empathic fashion. We don't allow frustration to turn into a personal attack. A community where people feel uncomfortable or threatened is not a productive one.
3. Take responsibility
We can all make mistakes; when we do, we take responsibility for them. If someone has been harmed or offended, we listen carefully and respectfully, and work to right the wrong.
4. Be collaborative
Collaboration between individuals that each have their own goal and vision is essential; for the whole to be more than the sum of its parts, each part must make an effort to understand the whole.
Collaboration reduces redundancy and improves the quality of our work. Internally and externally, we celebrate good collaboration.
5. Value decisiveness, clarity and consensus
Disagreements, social and technical, are normal, but we do not allow them to persist and fester leaving others uncertain of the agreed direction.
We expect participants in our projects to resolve disagreements constructively. When they cannot, we escalate the matter to structures with designated leaders to arbitrate and provide clarity and direction.
6. Ask for help when unsure
Nobody is expected to be perfect in this community. Asking questions early avoids many problems later, so questions are encouraged, though they may be directed to the appropriate forum. Those who are asked should be responsive and helpful.
7. Step down considerately
When somebody leaves or disengages from a project, we ask that they do so in a way that minimises disruption to the project. They should tell people they are leaving and take the proper steps to ensure that others can pick up where they left off.
8. Value discussion, data and decisiveness
We gather opinions and data from our community before taking a decision.
The poorest decision of all is no decision: clarity of direction has value in itself. Sometimes all the data are not available, or consensus is elusive. A decision must still be made. There is no guarantee of a perfect decision every time - we prefer to err, learn, and err less in future than to postpone action indefinitely.
None of us expects to agree with every decision, and we value highly the willingness to stand by our projects and help them deliver even on the occasions when we ourselves may prefer a different route.
9. Encourage teamwork
A leader's foremost goal is the success of the team.
A leader knows when to act and when to step back. They know when to delegate work, and when to take it upon themselves.
10. Credit where credit is due
A good leader does not seek the limelight, but celebrates team members for the work they do. Leaders may be more visible than members of the team, good ones use that visibility to highlight the great work of others.
11. Be courageous and considerate
Leadership occasionally requires bold decisions that will not be widely understood, consensual or popular. We value the courage to take such decisions, because they enable our projects to move forward faster than we could if we required complete consensus. Nevertheless, boldness demands considerateness; take bold decisions, but do so mindful of the challenges they present for others, and work to soften the impact of those decisions on them.
This Code of Conduct is not exhaustive or complete. It is not a rulebook; it serves to distil our common understanding of a collaborative, shared environment and goals. We expect it to be followed in spirit as much as in the letter.
II. SECURITY RECOMMENDATIONS
The following recommendations are based on and contain public sector information from the National Cyber Security Centre [1][2], licensed under the Open Government Licence v3.0.
Protect your account and your email by using strong, separate passwords
Cyber criminals can use your email to access many of your personal accounts and find out vital personal information, such as your bank details, address or date of birth.
Having a strong, separate password for your email means that if cyber criminals steal the password for one of your other accounts, they can’t use it to access your email account.
Use three random words to create a strong password
A good way to create a strong and memorable password is to use three random words. Numbers and symbols can still be used if needed, for example 3redhousemonkeys27!
Be creative and use words memorable to you, so that people can’t guess your password. Your social media accounts can give away vital clues about yourself so don’t use words such as your child’s name or favourite sports team which are easy for people to guess.
Cyber criminals are very smart and know many of the simple substitutions we use such as ‘Pa55word!” which utilises symbols to replace letters.
Never use the following personal details for your password:
- Current partner’s name
- Child’s name
- Other family members’ name
- Pet’s name
- Place of birth
- Favourite holiday
- Something related to your favourite sports team
Use two-factor authentication (2FA)
Doing this makes it harder for criminals to access your account, even if they know your password.
Two-factor authentication (often shortened to 2FA) provides a way of 'double checking' that you really are the person you are claiming to be when you're using our online services.
When setting up 2FA, we will ask you to provide a 'second factor', which is something that you (and only you) can access.
Why should I use 2FA?
Passwords can be stolen by cyber criminals, potentially giving them access to your account. However, an account that has been set up to use 2FA will require an extra check, so even if a criminal knows your password, they won't be able to access your account.
Like the NCSC, we strongly recommend that you set up 2FA on all your 'important' accounts; these will typically be the 'high value' accounts that protect things that you really care about, and would cause the most harm to you if the passwords to access these accounts were stolen. You should also use it for your email, as criminals with access to your inbox can use it to reset passwords on your other accounts.
What type of 2FA is available at millaire.com?
When 2FA is switched on, you'll be asked to provide a second factor in order to access your account: a code that's created by an authenticator app of your choice.
Authenticator apps on your smart phone (or tablet), such as Microsoft Authenticator, Google Authenticator or Authy offer lots of advantages over other 2FA types like text messages, such as not needing a mobile signal, or having to wait for a text message to arrive. Once you've installed an authenticator app, you can typically use the same app when setting up 2FA on any accounts that have this as an option.
How do I set up 2FA?
You can enable 2FA in your Account Security Settings by following the instructions provided there. Unless you already have, you will need to download an authenticator app you trust, such as Microsoft Authenticator, Google Authenticator or Authy.
Do I have to use 2FA every time I access millaire.com?
Typically, no. Once set up, you will only be asked for it when you're doing something where it would matter if it was a cyber criminal, rather than you. This stops cyber criminals from doing things that could harm you, but means that you don't have to be checked every time. We will request 2FA whenever you are:
- Logging in from a new device
- Logging in from a known device - unless you are kept logged in automatically because you have used the Remember Me checkbox
- Managing Authorized Devices
- Changing email address - you will also need to re-enter your password
- Changing password - you will also need to re-enter your current password
- Updating two-factor authentication setup - you will also need to re-enter your password