OwlX Fintech Solutions

At OwlX Fintech Solutions Pvt Ltd, ensuring the security and confidentiality of user accounts is a top priority. This Password Reset Policy outlines the steps and security measures for users and employees to follow when resetting their passwords, to ensure the process is secure and reduces the risk of unauthorized access.

1. Purpose

The purpose of this policy is to provide clear and secure procedures for users to reset their passwords in the event of forgotten credentials or if the password needs to be updated for security reasons.

2. Scope

This policy applies to all users, merchants, employees, and other individuals who access the OwlX Fintech platform. It governs the password reset process for both user and administrative accounts.

3. Password Reset Procedures

3.1 User-Initiated Password Reset

Users who have forgotten their password or wish to change it must follow the process outlined below:

  • Step 1: Go to the login page and click on the “Forgot Password?” link.
  • Step 2: Enter the registered email address or mobile phone number associated with the account.
  • Step 3: A one-time password (OTP) or password reset link will be sent to the registered email or phone number for verification.
  • Step 4: Upon verification, the user will be prompted to create a new password that meets the company’s password policy (refer to Section 5).
  • Step 5: After resetting the password, the user will receive a confirmation email or SMS indicating that the password change was successful.
3.2 Admin-Initiated Password Reset

If an admin needs to assist a user with resetting their password, the following steps must be followed:

  • Step 1: The user must request the password reset via a support ticket or through the official email: [email protected].
  • Step 2: The admin will verify the user’s identity through security questions or other methods (such as phone verification) before proceeding.
  • Step 3: The admin will trigger a password reset link or OTP to be sent to the registered contact details of the user.
  • Step 4: The user will follow the link to reset their password, as described in the User-Initiated process.

4. Security Measures for Password Resets

  • Verification of Identity: For all password reset requests, OwlX Fintech ensures that the user’s identity is verified through an OTP, reset link, or answering security questions to avoid unauthorized password resets.
  • Expiry of Reset Links/OTPs: Password reset links and OTPs are valid for a limited time (typically 15 minutes). If the link or OTP expires, the user will need to request a new one.
  • Secure Communication Channels: All password reset communications, including OTPs and reset links, are transmitted via encrypted channels (SSL/TLS) to protect against interception.

5. Password Requirements

To enhance account security, all new passwords created after a reset must meet the following requirements:

  • Length: Minimum of 8 characters.
  • Complexity: Must contain at least one uppercase letter, one lowercase letter, one digit, and one special character (e.g., !, @, #, $, etc.).
  • Re-use Restriction: Users cannot reuse any of their last 5 passwords.
  • Password Expiry: Users are encouraged to change their passwords every 90 days for additional security.

6. Failed Password Reset Attempts

  • After 3 failed attempts to reset the password, the account will be temporarily locked for 15 minutes. This is to prevent brute-force attacks.
  • A notification will be sent to the registered email or phone number alerting the user of multiple failed password reset attempts.

7. Account Lockout and Recovery

In the event of an account lockout due to suspicious activity or repeated failed password reset attempts, users can contact OwlX Fintech customer support at [email protected] or +91 96069 49055 to verify their identity and request account reactivation.

8. Monitoring and Logging

  • All password reset requests are logged for security monitoring purposes.
  • Logs include the timestamp, IP address, and user identification data for each reset attempt. This helps identify any unusual activity and trace the source of potential fraud or breaches.

9. User Responsibilities

  • Users are responsible for maintaining the confidentiality of their passwords and for choosing strong passwords.
  • Users must not share their passwords with anyone, including employees of OwlX Fintech. In the case of suspected account compromise, users should immediately reset their password and notify OwlX Fintech support.

10. Periodic Review

This Password Reset Policy will be reviewed periodically (at least once a year) to ensure its effectiveness and relevance to emerging security threats. Any updates to the policy will be communicated to all stakeholders.

By adhering to this Password Reset Policy, OwlX Fintech Solutions Pvt Ltd ensures a secure and reliable process for password management while minimizing the risks associated with unauthorized access and account compromise.