Policy
Multi-factor authentication is mandatory for Tier 1 platforms that control identity, source code, domains, production hosting, customer data or billing.
Tier 1 Platforms
| Platform | Primary identity | Required controls |
|---|---|---|
| Google Workspace | admin@cloudberrie.com | MFA, recovery method, protected admin access |
| GitHub | cb-engops | MFA, recovery codes, organization enforcement before inviting members |
| Cloudflare | accounts@cloudberrie.com | Authenticator or passkey plus stored recovery codes |
| Domain registrar | Business-controlled login | MFA and registry lock where available |
| Firebase / Google Cloud | Authorized company identity | MFA and least-privilege access |
Preferred Authentication Order
- Passkey or hardware security key, when supported.
- Authenticator application.
- Platform recovery codes stored in Apple Passwords and one controlled offline recovery copy.
- SMS only as a fallback when stronger methods are unavailable.