Yes, Ideanote has an internal password policy as part of the SOC2 ISMS. It included password length, MFA and SSO requirements.
We use Google G-Suite as our corporate single sign-on platform. This application controls our access to the various applications that Ideanote uses. Ideanote uses multi factor authentication to gain access to the system. With regards to the password policy specifically, they are set as follows: (a) passwords must be a minimum of 16 characters; (b) they must contain some lower case letters, and they cannot contain part of the username; and (c) users are locked out after 10 failed login attempts.
To learn more about the security of G-Suite as identity provider, please see https://static.googleusercontent.com/media/gsuite.google.com/en/security/g-suite-security-ebook.pdf
Keys for encryption of customer data at rest are managed by our cloud provider, Google. You can find additional information about Google's key management procedures here: https://cloud.google.com/kms/.
We use public/private keys to secure access to code repositories. Keys used by staff are generated by Ideanote employees on an individual basis and stored in encrypted form.