We've designed the system so that no one, including SailPoint or your administrators, has access to your passwords except you. They are encrypted (i.e. scrambled) on your computer, using a secure code called an encryption key that is created based on your password. The code is referred to as a local encryption key because the key is stored on your computer so no one else can decode it. Only the encrypted version of the passwords is sent to IdentityNow.
If you change your password on a different device than the one you normally use or if you change it outside of IdentityNow, you will be prompted to provide your old password as part of the reset process. This is because the system needs your original local encryption key to access the data in your password vault and then generate a new encryption key based on the new password.
In addition, IdentityNow sends you an email notification anytime your IdentityNow password or an app-specific password changes.
We also protect your IdentityNow account from attacks by:
- Locking it if someone enters the wrong password too many times. See Why is my IdentityNow account locked out? for more information.
- Letting an administrator end a session and force a password reset. See Why am I signed out so quickly from IdentityNow? for more information.
- Preventing IdentityNow password resets under certain circumstances. See Why can't I reset my password? for more information.
For more information, see: