Use Secure Defaults

As an administrator, you want to make the user experience secure and reduce the number of default security settings. Configure security settings so that users must opt out of default security settings rather than opt in. If there's a security risk, clearly label insecure functionality in APIs or the user interface to discourage use.

Here are some examples.

Call a function "dangerousInlineHTML". Don't call it "inlineHTML".
Business Manager enforces security questions for password reset by default. This setting should always be enabled, but customers can choose to disable it if their business demands it.

Show URL

Submit Feedback

X Privacy Update: We use cookies to make interactions with our websites and services easy and meaningful, to better understand how they are used. By continuing to use this site you are giving us your consent to do this. Privacy Policy.