
Added a password section to the opsec framework #468

Open
shallem wants to merge 5 commits into security-alliance:develop from shallem:feature/opsec/passwords

@shallem shallem commented Apr 25, 2026

Added a new section about passwords with the following sub-pages:

  • A page describing good password policies (i.e. what makes a good password)
  • A page introducing enterprise password managers, their security benefits, and their use case
  • A page discussing single sign-on and why it should be used even though it introduces centralization risk
  • A page discussing root account passwords (for cloud services) and how those should be handled specially

@mattaereal - feedback on all aspects of the PR is greatly appreciated.

@github-actions

Sidebar Configuration Reminder

This PR includes added, renamed, or removed documentation files:

  • docs/pages/opsec/passwords/basics.mdx (added)
  • docs/pages/opsec/passwords/managers.mdx (added)
  • docs/pages/opsec/passwords/overview.mdx (removed)
  • docs/pages/opsec/passwords/rootaccounts.mdx (added)
  • docs/pages/opsec/passwords/sso.mdx (added)

Please ensure that:

  • The sidebar in vocs.config.tsx has been updated to include these files
  • New content has the dev: true parameter so it's marked as under development
  • Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.


This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.

github-actions Bot commented Apr 27, 2026

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name | Status | Preview | Last Commit
frameworks | ✅ Ready (View Log) | Visit Preview | 92258ad

@scode2277 scode2277 added the content:add label Apr 27, 2026

@frameworks-volunteer frameworks-volunteer left a comment

Model: z-ai/glm-5.1 Reasoning: high Provider: openrouter

Review: PR #468 — Password section for opsec framework

Content is well-structured and covers the topic thoroughly. Found a few issues that should be addressed before merge.

Issues (should fix)

  1. Typo in vocs.config.tsx: collpased → collapsed — The sidebar config property is misspelled. Other entries in the same file use collapsed: false. This may silently fail (property ignored) rather than cause a build error.

  2. Typo in sso.mdx: best pratice → best practice — Line in the "Advantages of Centralized Sign-in" section.

  3. Typo in rootaccounts.mdx: the closed immediately → then closed immediately — Under "Keep root accounts cold", the sentence reads "sessions are opened when a key administrative function must be performed, the closed immediately via an explicit logout". Should be "then closed".

  4. Broken internal link in opsec/overview.mdx — Line 47 links to /opsec/passwords/overview, which this PR deletes. Should be updated to /opsec/passwords/basics.

Minor (nice to fix)

  1. Missing trailing newlines in managers.mdx, rootaccounts.mdx, and sso.mdx. Standard convention for text files.

Security Review

  • No hardcoded secrets, tokens, or API keys
  • No injection vectors (XSS, path traversal) — content is MDX documentation
  • No unsafe deserialization or eval
  • No suspicious dependencies
  • Content accurately describes security best practices (password managers, SSO, cold root accounts, rotation policies)

QA Review

  • Frontmatter format is valid and consistent with other pages in the repo
  • Internal links to /opsec/mfa/overview, /opsec/passwords/sso, /opsec/passwords/rootaccounts are valid
  • Contributor attribution is correct (shallem as author)
  • The deleted overview.mdx placeholder is properly replaced with substantive content
  • Spelling: 3 typos noted above; should check against cspell.json wordlist after fixes

Verdict: Request changes for the typos and broken link. All are quick fixes.

@mattaereal mattaereal self-assigned this May 4, 2026
@mattaereal

Hi shallem! Thanks again for this addition and for reviewing our volunteers' feedback.

A few suggestions below!

Frontmatter descriptions (add/expand to 140-160 chars), for example:

  • basics.mdx: "Implement strong password basics: length, complexity, uniqueness, generation to resist brute-force/dictionary attacks. Essential foundation." (142 chars)
  • managers.mdx: "Configure password managers (Bitwarden, etc.) for secure storage, autofill, sharing. Includes self-hosting, TOTP, emergency access." (138 chars)
  • rootaccounts.mdx: "Secure root/admin accounts: rotation, JIT access, monitoring. Prevents escalation in Linux/AWS/cloud." (expand to 140+)
  • sso.mdx: "Use SSO (OAuth/SAML) for passwordless auth with Okta/Auth0. Reduces sprawl, enforces MFA/sessions." (expand)

• Don't mind index.md, it's generated automatically upon deployment.
• We're missing an overview.mdx, the 'basics' seems like it, adding an outline for the rest of the contents. You can check other categories to see what I'm talking about (but tl;dr, overview.mdx is the home for every category and subcategory).
• managers.mdx self-hosting: "Bitwarden supports self-hosting; alternatives: Vaultwarden, Passbolt."
• Run just lint, docs:build/preview; update vocs.config.tsx sidebar
