diff --git a/common-practices-tools/security/README.md b/common-practices-tools/security/README.md
index c6cd5c883e..29a46c6704 100644
--- a/common-practices-tools/security/README.md
+++ b/common-practices-tools/security/README.md
@@ -47,7 +47,7 @@ Multi-Factor Authentication (MFA), sometimes known as Two-Factor Authentication
 
 If you lose your second factor (say a Yubikey or your phone) you may not be able to unlock the service any more. For this reason it is crucially important that you have a [backup second factor](#multi-factor-redundancy-and-mfa-backup-codes) for each MFA-enabled service.
 
-CivicActions requires MFA for access to your password manager, the CivicActions Google Workspace, GitHub, Gitlab and for any *privileged account* access.
+CivicActions requires MFA for access to your password manager, the CivicActions Google Workspace, GitHub, Gitlab and for any _privileged account_ access.
 
 ### Multi-Factor Authenticators (MFA)
 
diff --git a/company-policies/security.md b/company-policies/security.md
index 5b2baef514..3d86bd5ca1 100644
--- a/company-policies/security.md
+++ b/company-policies/security.md
@@ -115,7 +115,7 @@ If a system is believed to be compromised, either through theft, loss, remote ac
 
 ## Password Policy
 
-Strong passwords provide the basis for secure authentication to many systems and services. 
+Strong passwords provide the basis for secure authentication to many systems and services.
 
 To qualify as a strong password, it must be at least 16 characters long with multiple character types and no repetitions. A longer _passphrase_ consisting of several words in an order that make sense only to you can work well as a _memorized secret_.