Trusted DAO members (multisig signers and workstream leaders with tenure greater than one year) are responsible for protecting Sensitive Credentials on behalf of the DAO. If given to the wrong people, Sensitive Credentials can bring irreparable harm to the DAO in the form of lost funds or lost reputation — both of which could be difficult or impossible to reclaim.
A Sensitive Credential is one that grants administrator or owner access and/or the ability to revoke or change the access of other DAO members.
Sensitive Credentials control a system or service that falls in any one or more of these categories:
While it would be harmful to the DAO to have a user account’s credentials fall into the wrong hands, an administrator or owner account can still revoke the user account and retain control of the system or service.
However, if an administrator or owner credential falls into the wrong hands, there is no “higher user” able to revoke the bad actor’s access and reclaim ownership of the account for the DAO. This is what makes a Sensitive Credential sensitive.
Trusted DAO members:
The number of DAO members who hold a copy of a Sensitive Credential should be kept to a minimum.
No fewer than 2 DAO members should have a copy of a Sensitive Credential, and ideally no more than 5 DAO members should have a copy.
<aside> 💡 If you are the only DAO member with a copy of the Owner credentials to a service, you are placing the DAO at unnecessary risk! Please transfer Sensitive Credentials to the Trusted DAO members to manage.
</aside>
Sensitive Credentials should only be stored using a password manager. No exceptions.
Sensitive Credentials should: