Insert excerpt |
---|
| _Banners |
---|
| _Banners |
---|
name | administration |
---|
nopanel | true |
---|
|
panelborderColor | #7da054 |
---|
titleColor | white |
---|
titleBGColor | #7da054 |
---|
borderStyle | solid |
---|
title | Sections on this page |
---|
|
|
key.User passwords using a pepper key and Bcrypt.This requires an exact string match for the password.The pepper key is specific to the PhixFlow instance, and is stored in the keystore because key will be have reset After upgrading to , new or reset passwords and security answers automatically use the Bcrypt method.Passwords were encrypted using the previous encryption method. These will continue to work because the configuration file phixflow-instance.xml has a list of all the encryption methodsTo check a passoword or security answer, PhixFlow identifies which method has been used to encrypt it. It then uses the same method to encrypt the string supplied by the user. PhixFlow then compares the two encrypted versions and ensures these match.
As Bcrypt is more secure, we recommend all security information is migrated to Bcrypt as soon as possible.
To do this, all users must change their passwords and their security answers.
You ; a new version of This means , Reset.About the Pepper Key
The pepper key for your PhixFlow instance is created at installation or uprade to 8.3.0. a key see Once it is set, all new or reset passwords have the pepper key added to them. key alias stored in Do not change as this will disable