Are you storing our passwords in plain text?
I would hope not.
Any reason you believe they are?
Hi @Dird, certainly not! All passwords are always encrypted.
I hope that by “encrypted” you mean “hashed” (irreversible one-way encryption), and that they’re well salted, too.
How about some pepper, too? Just stumbled upon an interesting read: https://blog.filippo.io/salt-and-pepper/
He’s a security expert and I believe did his master’s in security. Since coming on board he’s done an overhaul on our security setup and procedures. After an external audit and a penetration test on the app completed a few weeks ago, your passwords and data are certainly secure.
Hello @m, this is a valid question. We actually go a step further, not only by implementing hashing to store passwords securely but also by encrypting the entire database.
Moreover, from my CTO perspective, security is the primary concern and the area in which we heavily invest.
To make sure that our security is always on top of the game, prior to any new functionality release we conduct an independent security audit, emphasizing the penetration testing.
Thanks Igor, great to know!