Nkosi does not store or keep client passwords. Even our clouds and servers do not store or keep client passwords. If clients lose passwords, all we can do is change passwords as we have no clue what the passwords are.
You should have, follow or make a security policy which lists the protocols and rules related to your passwords.
Password Rules, Policy, Protocols and Procedure examples:
How strong should your passwords be? ( Nkosi requires all passwords to use at least 12 characters and consist of upper case, lower case, numeric and ASCII characters )
How frequently do you change your passwords? (Nkosi requires that you change your passwords regularly as defined by yourself)
Where and how do you store your passwords? (You should store passwords off the Internet or in a strongly encrypted file)
What is the process you follow when you change your passwords? (You should have a checklist or follow a set recipe which you define yourself)
What additional security do you require? – Do you require 2F (second factor) and/or 3F (third factor) authentication? (You define the security of your own environment – but always remember that your security is dependent upon your vendors and your suppliers – your own security is build on the security of others and if your house foundations are in clay, your walls will crack…)