How are passwords stored?

Security, Privacy & Data Protection

Your password is never stored in plain text. We use the salted, iterated password hashing (PBKDF2) built into ASP.NET Core Identity, so what sits in our database cannot be turned back into your password.

How Your Password is Protected

Secure Hashing Process

CertNudge never stores your actual password. When you set or use your password, the system uses:

  • Industry-Standard Hashing: Uses PBKDF2 (Password-Based Key Derivation Function 2), a key-derivation function specified in RFC 8018 and recommended by NIST for password storage. Identity's current hash format derives the stored value with PBKDF2 over HMAC-SHA512.
  • Unique Salt Per User: A random 128-bit "salt" is generated for every hash and combined with your password before hashing. Even if two users choose the identical password, their stored hashes are completely different, so an attacker cannot reuse precomputed tables (such as rainbow tables) and must attack each account's hash separately.
  • High Iteration Count: The hashing function is run many thousands of times per password (the framework default is 10,000 iterations in older releases and 100,000 in .NET 7 and later). Every guess an attacker makes costs the same work, which makes large-scale brute-force attacks far more expensive.

Only the resulting hash, together with its salt and the parameters needed to verify it, is stored in our database. Your password itself is never written anywhere.

Automatic Security Upgrades

Adaptive Security via ASP.NET Core Identity

We leverage Microsoft's robust ASP.NET Core Identity framework for authentication. This framework automatically:

  • Stays Current: The framework raises its default iteration count in newer releases (the default went from 10,000 to 100,000 in .NET 7), and the count can be raised further through PasswordHasherOptions.IterationCount, so hashing strength keeps pace with Microsoft's current guidance.
  • Seamlessly Rehashes: Each stored hash records the format and iteration count it was created with. If a hash was produced under an older format or a lower iteration count than the current setting, the framework reports a successful login as "rehash needed" and your password is rehashed with the current parameters the next time you log in, without any action needed from you.
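The two sections above (per-user salt and iteration count, then the rehash-on-login upgrade) as an added Python example. This is not CertNudge's code and not the framework's own C#; it reproduces the byte layout that ASP.NET Core Identity's PasswordHasher writes to the PasswordHash column (current V3 format: a 0x01 marker, PRF id, iteration count and salt length as big-endian uint32s, then the salt and a 256-bit PBKDF2-HMAC-SHA512 subkey; legacy V2 format: 0x00, a 16-byte salt and a SHA1 subkey at 1,000 iterations), so a value copied out of the database can be decoded and checked. The policy constants, the function names, the `login` helper and the sample password are this example's own assumptions.

```python
import base64
import hashlib
import hmac
import os
import struct

# --- Policy for this example only (not CertNudge's real settings) ---
# PasswordHasherOptions.IterationCount defaults to 100,000 in .NET 7+ (10,000 before).
CURRENT_PRF = "sha512"        # Identity's V3 format derives with PBKDF2-HMAC-SHA512
CURRENT_ITERATIONS = 100_000
SALT_LEN = 16                 # 128-bit salt
SUBKEY_LEN = 32               # 256-bit derived subkey

# PRF identifiers as written into the V3 header (KeyDerivationPrf enum order)
PRF_NAMES = {0: "sha1", 1: "sha256", 2: "sha512"}
PRF_IDS = {name: pid for pid, name in PRF_NAMES.items()}


def hash_password_v3(password: str, iterations: int = CURRENT_ITERATIONS) -> str:
    """Produce a hash in Identity's V3 layout:
    0x01 | prf (uint32 BE) | iterations (uint32 BE) | salt length (uint32 BE) | salt | subkey
    then Base64-encode it, which is what lands in the PasswordHash column."""
    salt = os.urandom(SALT_LEN)                      # fresh random salt for every hash
    subkey = hashlib.pbkdf2_hmac(CURRENT_PRF, password.encode("utf-8"),
                                 salt, iterations, SUBKEY_LEN)
    header = b"\x01" + struct.pack(">III", PRF_IDS[CURRENT_PRF], iterations, len(salt))
    return base64.b64encode(header + salt + subkey).decode("ascii")


def hash_password_v2_legacy(password: str) -> str:
    """Legacy V2 layout (0x00 | 16-byte salt | 32-byte subkey), PBKDF2-HMAC-SHA1 with
    1,000 iterations. Included only so the upgrade path below can be demonstrated."""
    salt = os.urandom(SALT_LEN)
    subkey = hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, 1000, SUBKEY_LEN)
    return base64.b64encode(b"\x00" + salt + subkey).decode("ascii")


def parse_hash(stored: str) -> dict:
    """Decode a stored hash into its parameters; raise ValueError on an unknown marker."""
    raw = base64.b64decode(stored)
    if not raw:
        raise ValueError("empty password hash")
    if raw[0] == 0x00:
        return {"version": 2, "prf": "sha1", "iterations": 1000,
                "salt": raw[1:1 + SALT_LEN],
                "subkey": raw[1 + SALT_LEN:1 + SALT_LEN + SUBKEY_LEN]}
    if raw[0] == 0x01:
        prf_id, iterations, salt_len = struct.unpack(">III", raw[1:13])
        return {"version": 3, "prf": PRF_NAMES[prf_id], "iterations": iterations,
                "salt": raw[13:13 + salt_len], "subkey": raw[13 + salt_len:]}
    raise ValueError("unrecognised password hash format marker")


def verify_password(stored: str, password: str) -> str:
    """Mirror PasswordHasher.VerifyHashedPassword: 'failed', 'success', or
    'success_rehash_needed' (correct password, but stored with weaker parameters).
    The stored hash's own salt, PRF and iteration count are used to recompute the subkey."""
    info = parse_hash(stored)
    candidate = hashlib.pbkdf2_hmac(info["prf"], password.encode("utf-8"),
                                    info["salt"], info["iterations"], len(info["subkey"]))
    if not hmac.compare_digest(candidate, info["subkey"]):   # constant-time compare
        return "failed"
    # Rehash rule: legacy format, or an iteration count below the current policy.
    if info["version"] < 3 or info["iterations"] < CURRENT_ITERATIONS:
        return "success_rehash_needed"
    return "success"


def login(stored: str, password: str) -> tuple:
    """Mirror what UserManager does at sign-in: when the password is correct but the
    hash needs upgrading, return the freshly computed hash to write back to the store."""
    result = verify_password(stored, password)
    if result == "success_rehash_needed":
        return result, hash_password_v3(password)
    return result, stored


if __name__ == "__main__":
    # Constructed sample: an account whose hash dates from the legacy V2 format.
    old = hash_password_v2_legacy("correct horse battery staple")
    print(parse_hash(old)["version"], parse_hash(old)["iterations"])   # 2 1000
    result, new = login(old, "correct horse battery staple")
    print(result, parse_hash(new)["iterations"])   # success_rehash_needed 100000
    print(verify_password(new, "wrong password"))  # failed
```

The rehash rule here mirrors the framework's check that the embedded iteration count is below the configured one (and that the hash is not in the legacy format); it does not reproduce every rule the framework applies. Note that a stored hash never has to be migrated in bulk: the upgrade can only happen when the user presents the password, because that is the only time the plaintext is available to rehash.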

Enhance Your Security Further

Enable Two-Factor Authentication (2FA)

Password hashing protects you if our database is ever exposed, but it does not help if your password itself is guessed, reused from another site, or phished. For that extra layer of protection we strongly recommend enabling Two-Factor Authentication (2FA) in your profile settings.
