QR Planet's Password Policy

We utilize and manage passwords in accordance with current security standards and common best practices.

Scope

This policy applies to

  • Employees and contractors
  • Partners
  • Customers

with access to the company's SaaS platform or internal systems, both on-premises and remotely.

Key points

  • Our password policy applies to all systems, whether they transmit, process or store Scoped or any other kind of Data, and to all constituent and client passwords.
  • It has been approved by management, communicated to relevant employees and is enforced on all platforms and network devices.
  • It prohibits a PIN or secret question as a possible stand-alone method of authentication.
  • It also requires password changes at regular intervals or when there is an indication that systems or passwords have been compromised.
  • It allows for Single Sign-On (SSO) and Multi-factor Authentication (2FA), if activated on the client side.
  • Initial and temporary passwords are random and complex and have to be changed upon first/next login.
  • The password reset authority is restricted to authorized personnel and an automated password reset tool.
  • User IDs and passwords are communicated via separate media channels, like E-Mail or phone.
  • It defines requirements for provisioning, resetting and storing passwords (encrypted/hashed).
  • It requires users to keep their passwords confidential and prohibits them
    from sharing passwords, from keeping an unencrypted record of passwords and
    from storing unencrypted passwords in automated logon processes (e.g. macros).
  • System Access will be locked for one minute after four failed login attempts within a period of ten seconds.

Password requirements

The following password requirements apply to all accounts offered on QR Planet's SaaS solution:

All client passwords must be at least 8 characters long and contain

  • at least one lowercase letter,
  • at least one uppercase letter,
  • at least one numerical character.

Internal users' passwords have the same requirements but need to be at least 12 characters long.

Last update 1 week ago