Use a strong and unique password
A good password is easy to remember but hard for both humans and computers to guess. We recommend using a password or passphrase that you don't use anywhere else as your Smartly.io password. Besides the password, we strongly recommend either using Single Sign-On (SSO) or setting up Multi-Factor Authentication to log in to the Smartly.io app.
We also recommend using a password manager to generate and manage your passwords, because it makes using truly random and unique passwords easier for you.
To encourage the use of good passwords, we currently enforce the following rules for passwords, as recommended by NIST (Special Publication 800-63B, Digital Identity Guidelines, Section 5.1.1.2):
- Password must be at least 12 characters long
- Password must not have appeared in previous breach corpuses
Checking if a password has been leaked in a data breach
During user sign-up and password change, we use the PwnedPasswords API to check if a new password is present in past data breach corpuses. Note that this password check does not involve sending your password anywhere, and it is provably safe. For technical details, see the PwnedPasswords API documentation and this blog post section from Troy Hunt, the author of the API.
At this time we are not checking if your current password is present in past data breaches. If you are not using a password manager that checks whether your passwords have appeared in data breaches, we recommend you check your current password on the Pwned Passwords website.
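The sign-up check described above can be done against the Pwned Passwords range endpoint, where only the first five hex characters of the password's SHA-1 hash are sent and the returned hash suffixes are compared locally. The Python below is an added example, not Smartly.io's own code; the function names, rule labels and the offline sample response are constructed for illustration.

```python
import hashlib
import urllib.request

MIN_LENGTH = 12  # minimum length from the policy above
RANGE_URL = "https://api.pwnedpasswords.com/range/"  # Pwned Passwords range endpoint

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range(prefix):
    """Query the live endpoint; only the 5-character hash prefix is sent."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "password-policy-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")

def breach_count(password, fetch=fetch_range):
    """Return how often the password appears in the corpus (0 if absent)."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():  # each line is SUFFIX:COUNT
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)  # padding entries carry a count of 0
    return 0

def check_new_password(password, fetch=fetch_range):
    """Apply both rules; return the violated ones (empty list means accepted)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    if breach_count(password, fetch) > 0:
        problems.append("breached")
    return problems

def constructed_fetch(leaked):
    """Offline stand-in for the API (constructed): its corpus holds only `leaked`."""
    sent = []  # records everything that would have left the client
    def fake(prefix):
        sent.append(prefix)
        digest = sha1_hex(leaked)
        hit = f"{digest[5:]}:1234\r\n" if digest.startswith(prefix) else ""
        return f"{'0' * 35}:3\r\n{hit}{'F' * 35}:0\r\n"
    return fake, sent
```

Passing `constructed_fetch(...)` as `fetch` runs the check offline; leaving the default queries the live service.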