https://v2.webnotes.in/tags/credential-security/Recent content in Credential Security on WebNotesHugoen-INSat, 20 Jun 2026 00:00:00 +0000https://v2.webnotes.in/zerodha-client-password-policy/Sat, 20 Jun 2026 00:00:00 +0000https://v2.webnotes.in/zerodha-client-password-policy/<p><strong>Zerodha&rsquo;s client password and credential policy</strong> sets no password in the account-opening welcome email; the client creates the password at first login, and a mandatory second factor, the Kite App Code or an external time-based one-time password (TOTP), sits on top of it under the cyber-security framework SEBI mandated in its circular of 3 December 2018, enforced across brokers from 30 September 2022. The login is therefore two factors deep by design, and the account holder, not the broker, carries the loss from any credential misuse.</p>