Overview
Passwords are an important aspect of computer security. A weak password may result in unauthorized access and exploitation of the company’s resources. All users and personnel with access to the company’s resources need to responsibly take appropriate steps to secure their passwords.
Purpose
The purpose of this policy is to establish a standard for creation and protection of passwords.
Scope
The scope of this policy includes all personnel who have access to company resources.
Password Storage Standards
Password Expiry
- Your password will be valid for a maximum of 90 days.
- Once your password expires, you'll be prompted to create a new password the next time you try to log in to Apty.
- No notification will be sent to the user until the password has expired.
Note:
Apty recommends that you change your password within 90 days from the day you first created it.
Presently, Apty supports passwords for two types of login scenarios:
- SSO
Apty supports both SAML 2.0 and OAuth 2.0 single sign-on authentication which allows a user to access multiple applications with one set of login credentials. When a user logs in through the client’s SSO, Apty does not store the SSO password.
- Email ID
When a user logs in to an application using Email ID, the password is being verified against the hash and salt format in the Apty database. The hashed passwords are salted to guarantee a unique output, even when the inputs are the same.