Skip to content

Commit d8f8835

Browse files
DicksonWu654DicksonWu654
committed
Fix lint in browser hardening guide
1 parent a63a346 commit d8f8835

File tree

2 files changed

+6
-2
lines changed

2 files changed

+6
-2
lines changed

docs/pages/guides/endpoint-security/web-browser-hardening.mdx

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,7 @@ tight, and make origin-checking part of the operating procedure before you conne
3232

3333
This page focuses on desktop browser use for Web3 work. It complements endpoint hardening, account security, and wallet
3434
security, but it does not replace them.
35+
3536
## For Individuals
3637

3738
These steps apply to anyone using a browser to access dapps, exchanges, admin consoles, registrars, dashboards, or
@@ -116,8 +117,6 @@ Focus on the settings that meaningfully reduce attack surface:
116117
- **Authentication:** use passkeys or hardware security keys for email, SSO, source control, cloud, and other accounts
117118
that can be used to pivot into Web3 operations
118119

119-
---
120-
121120
## For Team Members
122121

123122
These guidelines apply to staff working in a shared organizational environment.
@@ -130,6 +129,7 @@ Team members should:
130129
- Avoid syncing privileged profiles to unmanaged devices without explicit approval
131130
- Keep browser protections enabled and do not bypass warnings just to complete a task faster
132131
- Escalate suspicious domains, signing prompts, or new dapps before using them with a work wallet
132+
133133
## For Admins
134134

135135
These settings and practices apply to administrators managing browsers for engineers, operators, finance, treasury, or
@@ -159,6 +159,7 @@ other privileged users.
159159
- Keep exception handling narrow and explicit; do not let a "temporary" site permission or extension become permanent
160160
- If a team depends on a small set of critical dapps, internal guidance should define the approved domains and expected
161161
connect/sign flow for each one
162+
162163
## Web3-Specific Operational Rules
163164

164165
Browser hardening matters in Web3 because the browser is often the access path to a wallet, not just a place to read
@@ -174,6 +175,7 @@ Use these operating rules consistently:
174175
6. Do not store seed phrases or private keys in browser-based secret storage.
175176
7. Treat "urgent" dapp prompts, fake support chats, and recovery requests as likely phishing attempts.
176177
8. If a prompt is confusing, stop and verify with another team member before signing.
178+
177179
## Related Guides
178180

179181
- [GitHub Security](/guides/account-management/github)
@@ -187,5 +189,6 @@ Use these operating rules consistently:
187189
- [W3C WebAuthn Level 3](https://www.w3.org/TR/webauthn-3/)
188190
- [NCSC: Managing Web Browser Security](https://www.ncsc.gov.uk/collection/device-security-guidance/policies-and-settings/managing-web-browser-security)
189191
- [MetaMask: What Is a Secret Recovery Phrase, and How to Secure Your Wallet](https://support.metamask.io/start/what-is-a-secret-recovery-phrase-and-how-to-keep-your-crypto-wallet-secure/)
192+
190193
</TagProvider>
191194
<ContributeFooter />

wordlist.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -337,3 +337,4 @@ rootfs
337337
GitHub
338338
GitLab
339339
GoDaddy
340+
NCSC

0 commit comments

Comments
 (0)