Passwords are an important aspect of computer security. A weak password may result in unauthorized access and exploitation of the company’s resources. All users and personnel with access to the company’s resources need to responsibly take appropriate steps to secure their passwords.
The purpose of this policy is to establish a standard for the creation and protection of passwords.
The scope of this policy includes all personnel who have access to company resources.
Password Storage Standards
Presently, Apty supports passwords for two types of login scenarios:
SSO: Apty supports both SAML 2.0 and OAuth 2.0 single sign-on authentication, which allows a user to access multiple applications with one set of login credentials. When a user logs in through the client’s SSO, Apty does not store the SSO password.
Email ID: When a user logs in to an application using an Email ID, the password is verified against the hash and salt stored in the Apty database. The hashed passwords are salted to guarantee a unique output, even when the inputs are the same.