Is stored authentication data encrypted?
Factonomy recommends the use of password hashing in preference to encrypted passwords.
Our reasoning is that a systems administrator with sufficient knowledge can obtain the encrypted version of a password and decrypt it using the appropriate key.
A password hashing algorithm, on the other hand, is a one-way mechanism: it allows the correct password to be authenticated but makes it impossible for the stored passwords to be decrypted.