Nemu Inc.

🔑 Password Policy

1. Purpose

This document specifies password and authentication requirements for accounts under Nemu Inc.’s control.

2. General Requirements

  • Passwords must be of sufficient length and complexity as enforced by CSPs (e.g., Google, GitHub).
  • Passwords should be unique and not reused across unrelated services.
  • Passwords should be changed annually.
  • Multi-Factor Authentication (MFA) is required for:
    • Google Workspace accounts.
    • Administrative access to CSP consoles such as Supabase and Render.
    • Other critical third-party services, where supported.

3. Storage and Handling

  • Passwords are never stored in plaintext.
  • Password-based authentication in applications uses well-reviewed libraries and secure hashing algorithms.
  • Shared passwords are avoided; where necessary, they are stored in secure password managers or rotated frequently.

4. Application Users

  • End-user authentication may be delegated to trusted identity providers (e.g., OAuth providers, Supabase Auth).
  • Password resets follow a secure procedure using email or other verified channels.

5. Audit Evidence

  • Screenshots of MFA enforcement in Google Admin and other CSP consoles.
  • Documentation of password configuration policies in key tools.
  • Application documentation showing use of secure authentication libraries.

6. Compliance Mapping

  • SOC 2: CC6.1, CC6.3
  • ISO 27001:2013: A.9.2.4, A.9.3.1

Contact: support@mynemu.com
© 2025 Nemu Inc. All rights reserved.
