Added a password section to the opsec framework

[shallem]

Added a new section about passwords with the following sub-pages:

• A page describing good password policies (i.e. what makes a good password)
• A page introducing enterprise password managers, their security benefits, and their use case
• A page discussing single sign-on and why it should be used even though it introduces centralization risk
• A page discussing root account passwords (for cloud services) and how those should be handled specially

@mattaereal - feedback on all aspects of the PR are greatly appreciated.

[github-actions]

Sidebar Configuration Reminder

This PR includes added, renamed, or removed documentation files:

• docs/pages/opsec/passwords/basics.mdx (added)
• docs/pages/opsec/passwords/managers.mdx (added)
• docs/pages/opsec/passwords/overview.mdx (removed)
• docs/pages/opsec/passwords/rootaccounts.mdx (added)
• docs/pages/opsec/passwords/sso.mdx (added)

Please ensure that:

• The sidebar in vocs.config.tsx has been updated to include these files
• New content has the dev: true parameter so it's marked as under development
• Sidebar links match the file paths - use the preview deployment to verify

See Contributing Guide – Sidebar & Navigation for more details.

---

_{This is an automated reminder. If this PR doesn't need sidebar changes, you can ignore this message.}

[github-actions]

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name	Status	Preview	Last Commit
frameworks	✅ Ready (View Log)	Visit Preview	c07c7bc

[frameworks-volunteer]

Model: z-ai/glm-5.1 Reasoning: high Provider: openrouter

Review: PR #468 — Password section for opsec framework

Content is well-structured and covers the topic thoroughly. Found a few issues that should be addressed before merge.

Issues (should fix)

1. Typo in vocs.config.tsx: collpased → collapsed — The sidebar config property is misspelled. Other entries in the same file use collapsed: false. This may silently fail (property ignored) rather than cause a build error.

2. Typo in sso.mdx: best pratice → best practice — Line in the "Advantages of Centralized Sign-in" section.

3. Typo in rootaccounts.mdx: the closed immediately → then closed immediately — Under "Keep root accounts cold", the sentence reads "sessions are opened when a key administrative function must be performed, the closed immediately via an explicit logout". Should be "then closed".

4. Broken internal link in opsec/overview.mdx — Line 47 links to /opsec/passwords/overview, which this PR deletes. Should be updated to /opsec/passwords/basics.

Minor (nice to fix)

5. Missing trailing newlines in managers.mdx, rootaccounts.mdx, and sso.mdx. Standard convention for text files.

Security Review

• No hardcoded secrets, tokens, or API keys
• No injection vectors (XSS, path traversal) — content is MDX documentation
• No unsafe deserialization or eval
• No suspicious dependencies
• Content accurately describes security best practices (password managers, SSO, cold root accounts, rotation policies)

QA Review

• Frontmatter format is valid and consistent with other pages in the repo
• Internal links to /opsec/mfa/overview, /opsec/passwords/sso, /opsec/passwords/rootaccounts are valid
• Contributor attribution is correct (shallem as author)
• The deleted overview.mdx placeholder is properly replaced with substantive content
• Spelling: 3 typos noted above; should check against cspell.json wordlist after fixes

Verdict: Request changes for the typos and broken link. All are quick fixes.