Do you store my Credentials?
AA Password Policy (posted below) states to not share your AA password with any third party companies. We want to stress that your private data is encrypted before being viewed by our systems. You are NEVER sharing your password with us, just a highly encrypted string (see example below).
By the time your encrypted string is logged to our system there is no way to decipher or decode what your password began as. We have designed our systems to ensure that your JetNet password or DECs password is never visible to anyone (even you). If any of this data changes you would need to remove the old on and update it with a new password. We utilize end to end encryption and never store any of this sensitive data in plain text.
Example of Encryption:
- Example Password: mypassword
- What we store in database: SGtIN0FZejhPK0tveXpna29Sa3lmdz09
- Decoded Database storage: A;8$2 (not “mypassword”)
Again we have zero access to view your private data, ever.
AA PASSWORD SECURITY POLICY
2.4. Password Security
· Ensure that your passwords for company accounts are different from personal passwords.
· Create strong passwords using the following guidelines:
§ Contain at least 7 alphanumeric characters
§ Must be changed every 90 days
§ Contain at least 3 of the following 4 types of characters:
§ English upper-case letters (e.g., A, B, C, … Z)
§ English lower-case letters (e.g., a, b, c, … z)
§ Westernized Arabic numerals (e.g., 1, 1, 2, … 9)
§ Non-alphanumeric, special characters (e.g., ?, !, %, $, #, etc.)
· Passwords must not be shared with anyone, including administrative assistants, managers, colleagues, family members and third-party businesses.
· Avoid keeping a written record of password.
· Any suspicion of password compromise must be reported to the IT Help Desk (1-866-523-5333) or your supervisor. If password compromise is suspected, change all passwords immediately.
AA PASSWORD STORAGE POLICY
|Area Name:||4.2 Password Storage and Transmission|
|Area Description:||• Password credentials will be secured both at rest and at transit. Specifically, the following requirements will be met at a minimum:• American approved encryption or hashing algorithms will be used to secure passwords both at storage and transit|
• Passwords will not be stored or hard-coded in plain text, or other readable form, in source code, batch files, command files, automatic logon scripts, shell scripts, communication scripts, software macros, terminal function keys, systems and software applications.