Account Authentication Policy

Purpose:

To define the authentication processes and security measures for user accounts on the Pitaka platform, ensuring that only authorized individuals have access to sensitive information and features, in compliance with applicable laws and regulations in the Philippines.

Scope:

This policy applies to all users of the Pitaka platform, including customers, employees, contractors, and third-party users who access the system.

Policy

1. User Authentication:

All users must create a unique account and set up a Personal Identification Number (PIN) for access.

The PIN must meet the following criteria:

Six (6) digits in length
The PIN must only be known to the authorized user of the platform

2. Single Sign-On (SSO):

Users authenticate through a Single Sign-On (SSO) solution using their registered email address. SSO provides a seamless login experience across connected services and applications.

3. Multi-Factor Authentication (MFA):

MFA is required for all user accounts to enhance security. Users must enable MFA upon account registration or during the next login attempt.

The following methods of MFA may be utilized:

Face ID
Touch ID

4. Account Lockout Policy:

After three failed login attempts, the account will be temporarily locked for 15 minutes to prevent unauthorized access. Users may reset their PIN through the recovery process to regain access.

5. User Responsibility:

Users are responsible for maintaining the confidentiality of their PIN and account credentials and must not share them with anyone. If a user suspects their account has been compromised, they must report it to Pitaka support immediately and reset their PIN.

6. Session Management:

Users will be automatically logged out after 15 minutes of inactivity to minimize the risk of unauthorized access. Users may log out manually at any time, and it is recommended to do so when using shared or public devices.

7. Compliance with Legal and Regulatory Requirements:

This policy aligns with the Data Privacy Act of 2012 and other relevant Philippine laws regarding data protection and user privacy. Regular audits will be conducted to ensure compliance with these regulations.

8. Documentation and Reporting:

All authentication attempts, including successful logins and failed attempts, will be logged and monitored for suspicious activity. Reports of authentication-related incidents will be documented and reviewed to improve security measures.

9. Policy Enforcement:

Violations of this policy may result in disciplinary actions, including suspension or termination of access to the Pitaka platform, depending on the severity of the violation.

Purpose:​

Scope:​

Policy​

1. User Authentication:​

The PIN must meet the following criteria:​

2. Single Sign-On (SSO):​

3. Multi-Factor Authentication (MFA):​

The following methods of MFA may be utilized:​

4. Account Lockout Policy:​

5. User Responsibility:​

6. Session Management:​

7. Compliance with Legal and Regulatory Requirements:​

8. Documentation and Reporting:​

9. Policy Enforcement:​