All Zappar content is cloud-based, using Amazon's S3/CloudFront servers. They’re protected behind firewalls and are hardened against server vulnerabilities.
- All user passwords are encrypted and stored as salted PBKDF2-SHA256 hashes.
- Content is stored in servers inside the EU, served from a hub closest to the user.
- Industry-standard public/private key and two-factor authentication techniques.
Workspace admins can choose which authentication methods are allowed by team members on their workspace. Custom authentication methods for Single Sign-on (SSO) are also available for workspaces on Enterprise plans.
Click here to learn more about the SSO methods we support and how to set them up on your workspace.
Workspace Admins can set a workspace level password policy. The passwords for all users on a workspace must adhere to the password policy set on the workspace.
A password policy can be set through the Workspace Settings page.
Workspaces with a default password policy requires user passwords to be at least 5 characters in length.
To access a workspace with a strict password policy, users must have a password which is at least 8 characters in length, and contains at least two of the following requirements:
- A lower case character
- An upper case character
- A numerical character
After five failed password attempts, a user is denied access to the workspace.
Workspaces with a custom password policy have greater customization and control over users accessing a workspace with their password.
A custom password policy is available to those on an Enterprise plan.
The following factors can be changed on a custom password policy:
- Password History: The number of new passwords that must be used before an old password can be used.
- Change Frequency: The number of days until a user's password must be changed.
- Idle Timeout: The number of minutes before a user is prompted to enter their password to access a workspace.
- The number of password attempts allowed on a workspace.
- The number of requirements (rules) a user's password must adhere to.
- The requirements a password must have.
- Permit social media authentication.
- Customise a password's complexity.
You can enable two-factor authentication on your account through your user settings.
By clicking enable, you will be shown a QR code that you can scan through your chosen two-factor authentication app. Alternatively, you will be provided with a secret key which can be manually entered into your app.
Once your ZapWorks account is linked to your authenticator app, you will be asked to provide two verification codes to verify your identity (these will appear under the name 'Zappar'). After this has been verified, you will be provided with a set of backup codes, which are one-time use access codes to access your account in case you lose your device. We recommend copying these backup codes into a safe place.
If you have lost your two-factor device and backup codes, please contact our support team.
Changing your Password
You can change your password by going to your user settings. If you have a custom password policy in place, please ensure that your password adheres to the policy.
When resetting your password, ensure you follow the link in the most recent email you receive from us. Sending multiple requests to reset your password will invalidate previously sent tokens, and only the most recent one will be valid.
If you are still having issues resetting your password after following the most recent reset token, you can receive a temporary password by contacting us.
You are also able to view and manage all of your active and recent user sessions on the ZapWorks platform through your user settings. At the bottom of your user settings, a tab will show you a list of your current sessions with the date and time of the session, as well as the system, browser, and authentication method used.
If you wish to end a session, you are able to select the cross next to that respective session to end it. Please note that you are unable to cancel your current session through this panel, and can end this by selecting your name in the top right of your workspace and choosing 'Logout'.
If you have any cause for complaint about our use of your personal data, or wish for it to be removed from our database, you can do so by contacting us.