Sembark enforces a set of security policies on every account to keep your business data safe. This page explains these policies so that you are not surprised when the software asks you to update your password or logs you out.
TODO: Add overview image
Password Requirements
When setting or updating a password, the following rules apply:
- Strong passwords are enforced. Use a mix of uppercase, lowercase, numbers and special characters. Any special character is supported.
- You can not reuse any of your last 3 passwords.
- Passwords expire every 180 days. You will receive a notification 7 days before expiry so that you can update it without losing access.
TODO: Add image for Password Requirements
TIP
Instead of remembering complex passwords, consider setting up Passwordless Login with Passkeys or Two-Factor Authentication for stronger and easier login.
Sessions
- After you change your password, all your active sessions are logged out and you must login again with the new password.
- Inactive sessions are automatically timed out after 20 minutes of inactivity.
- Simultaneous logins on multiple desktop devices are blocked. You can stay logged in on one desktop and one mobile device at a time.
TODO: Add image for Sessions
Admin Controls
Account admins have additional controls from the Organization > Users page:
- Reset or set a password for any team member, with an option to force a password change on next login.
- Enable or disable Two-Factor Authentication for team members. When 2FA is enabled by an admin, the team member can not disable it themselves.
- View security details of every user such as 2FA status and when the password was last updated.
TODO: Add image for Admin Controls
See Users and Teams for the complete user management documentation.
Privacy
All images uploaded to Sembark are automatically stripped of EXIF metadata (location, device and timestamp information) to prevent accidental leakage of sensitive details.
TODO: Add image for Privacy