Are you storing our passwords in plain text?

Are you storing our passwords in plain text?

2 Likes

I would hope not.

Any reason you believe they are?

2 Likes

Hi @Dird, Certainly not! All passwords are always encrypted :lock:

2 Likes

I hope that by “encrypted” you mean “hashed” (irreversible one-way encryption), and that they’re well salted, too :slight_smile:

1 Like

Hi @m, according to our trusted CTO @Sergej we are using state-of-the-art Hash with Salt! :slightly_smiling_face:

2 Likes

How about some pepper, too? Just stumbled upon an interesting read: https://blog.filippo.io/salt-and-pepper/

1 Like

Thanks for sharing @m, I’ll pass it on to our new CTO @Igor!

He’s a security expert and I believe did his master’s in security. Since coming on board he’s done an overhaul on our security setup and procedures. After an external audit and a penetration test on the app completed a few weeks ago, your passwords and data are certainly secure :slight_smile:

1 Like

Hello @m, this is a valid question. We actually go a step further, not only by implementing hashing to store passwords securely but also by encrypting the entire database.

Moreover, from my CTO perspective, security is the primary concern and the area in which we heavily invest.

To make sure that our security is always on top of the game, prior to any new functionality release we conduct an independent security audit, emphasizing the penetration testing.

3 Likes

Thanks Igor, great to know!

1 Like