Passwords, passwords, passwords
We understand keeping track of hundreds of logins can be difficult. However, your login is the key to your security dashboard and thus weak passwords are not accepted. We advise users utilise a password manager to randomly generate and store a strong password.
Storing passwords securely
All passwords are salted and hashed using PBKDF2 with 100,000 iterations using HMAC-SHA256 as the pseudo-random function.
G Suite / Office 365 authentication
We utilise OAuth 2.0 to integrate with these platforms. We do not process or store the users credentials, instead we are provided with a token from the provider which we use to authenticate the user.
We recommend all administrators utilise the multi-factor authentication functionality offered in the application. To enable this, simply visit your profile and click two-factor authentication.