We've designed the system so that no one, including SailPoint or your administrators, has access to your passwords except you. They are encrypted (i.e. scrambled) on your computer, using a secure code called a local encryption key that is created based on your password. The encrypted version of the passwords is sent to SailPoint and the key is stored on your computer so no one else can decode it.
If you change your password on a different device than the one you normally use or if you change it outside of IdentityNow, you will be prompted to provide your old password as part of the reset process. This is because the system needs your original local encryption key to access the data in your password vault and then generate a new encryption key based on the new password.
For more information, see: