You can implement various password policies to help increase the security of your Issuetrak site. Behind the scenes, Issuetrak uses substantial protections to avoid the compromise of sensitive customer data. Different mechanisms are employed based on the nature of each category of data (more information on this can be found below)
To activate your system's password options and policies:
The message Parameters successfully updated will then appear.
Application user account passwords are secured with the NIST-recommended PBKDF-2 function, with an iteration count that exceeds current recommended standards, and that continues to increase automatically as time progresses. For each new password stored, a new, cryptographically random 64-byte salt is generated and supplied to the function along with the plaintext password. The hash used in the function is SHA-512. Password hashes are retained only as long as the site administrator has configured, and plaintext passwords are never sent to the database.
Passwords for connecting to external servers (such as mail servers and Active Directory servers) are encrypted with AES-256 in CTR mode using HMAC for authentication, using the SHA-384 algorithm. Keys are generated as sets of cryptographically random 32-bytes. During use, these keys are stored as DPAPI-encrypted nodes within the ASP.NET website's “web.config” file.
All encryption libraries used are professionally audited.