Expand my Community achievements bar.

SOLVED

Protected password storage

Avatar

Level 2

Hi all! I have Adobe Campaign Classic (version 9032) installed, does anyone know if all end-user passwords are protected by a hash with a random value (salt) using a strong hashing algorithm (e.g. SHA-256)?

Thank you very much!!

1 Accepted Solution

Avatar

Correct answer by
Employee Advisor

Hi @RobertoCervantes,

In ACC, passwords are hashed with the SHA-256 algorithm and a unique salt value. This helps to protect user passwords from being compromised in the event of a security breach.

Adobe Campaign Classic also supports other password security measures, such as setting password complexity requirements and password expiration policies.

View solution in original post

4 Replies

Avatar

Correct answer by
Employee Advisor

Hi @RobertoCervantes,

In ACC, passwords are hashed with the SHA-256 algorithm and a unique salt value. This helps to protect user passwords from being compromised in the event of a security breach.

Adobe Campaign Classic also supports other password security measures, such as setting password complexity requirements and password expiration policies.

Avatar

Level 2

Yes, Adobe Campaign Classic (version 9032) protects end-user passwords with a hash that includes a random value (salt) using a strong hashing algorithm, such as SHA-256. The hashed passwords are then stored in the Adobe Campaign database.

When a user creates or updates their password, the password is first hashed using the selected algorithm and salt. The resulting hash value is then stored in the database, while the original password is discarded.

When a user attempts to log in, the entered password is hashed using the same algorithm and salt as the stored hash. If the resulting hash matches the stored hash, the user is granted access. If the hashes do not match, the user is denied access.

This hashing mechanism provides an additional layer of security to protect end-user passwords from unauthorized access, even if the database is compromised. It is recommended that users choose strong, unique passwords and that passwords are periodically changed to maintain the security of the system.