Does Ideanote have a password policy?

Yes, Ideanote has an internal password policy as part of the SOC2 ISMS. It included password length, MFA and SSO requirements.

We use Google G-Suite as our corporate single sign-on platform. This application controls our access to the various applications that Ideanote uses. Ideanote uses multi factor authentication  to  gain  access  to  the  system. With  regards  to  the  password  policy specifically, they are set as follows: (a) passwords must be a minimum of 16 characters; (b) they must contain some lower case letters, and they cannot contain part of the username; and (c) users are locked out after 10 failed login attempts.

To learn more about the security of G-Suite as identity provider, please see https://static.googleusercontent.com/media/gsuite.google.com/en/security/g-suite-security-ebook.pdf

Keys for encryption of customer data at rest are  managed by our cloud provider, Google. You can find additional information about Google's key management procedures here: https://cloud.google.com/kms/.

We use public/private keys to secure access to code repositories. Keys used by staff are generated by Ideanote employees on an individual basis and stored in encrypted form.