Enhancing Password Security and Authentication Methodology

Is there a way to verify passwords using encryption methods? Presently, we store passwords without encryption, posing a security risk. I am currently utilizing the “smtp_server_auth_plain” method for authentication.

Hey there @kindhearted-deer, thanks for posting. To ensure the fastest resolution to your issue, please review the following and follow all the steps:

While SMTP_Auth uses the “Plain” type, we require TLS, so the channel is encrypted by default.

We have discussed other options, but I am curious what your preference would be. Certificate Auth? Bearer tokens? Something else?

My preference is to implement encryption methods, such as base64 and MD5, to ensure that passwords are not directly accessible.

I’d think, given that base64 is directly reversible and MD5 has collisions, you’d probably want something a bit stronger if possible.

There is nothing requiring you to store the passwords in plaintext. You can opt to store hashed passwords, hash what the user provides in AUTH PLAIN, and compare the hashes.

There is also no requirement on where to store those passwords. For instance, you could have a completely separate authentication server that manages salted encrypted passwords in a protected vault, then use the HCVault connector on your delivery nodes to verify the salted, encrypted passwords when needed. You do not ever need to store a plaintext password anywhere.
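The verification flow described in the two replies above, as an added illustration that is not code from this thread or from the MTA's own connector: the AUTH PLAIN message is decoded, the stored record for that user holds only a salt and a PBKDF2-HMAC-SHA256 hash, and the presented password is re-hashed and compared in constant time. The iteration count, record format, and the in-memory `USERS` table are assumptions standing in for whatever vault or authentication server holds the real records.

```python
import base64
import hashlib
import hmac
import os

ITERATIONS, DK_LEN = 600_000, 32  # assumed PBKDF2 parameters for this example

def hash_password(password, salt=None):
    """Return a self-describing record "pbkdf2$<salt hex>$<hash hex>"."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS, DK_LEN)
    return f"pbkdf2${salt.hex()}${dk.hex()}"

def verify_password(password, record):
    """Recompute the hash with the stored salt and compare in constant time."""
    algo, salt_hex, hash_hex = record.split("$")
    if algo != "pbkdf2":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), ITERATIONS, DK_LEN)
    return hmac.compare_digest(dk, bytes.fromhex(hash_hex))

def encode_auth_plain(username, password, authzid=""):
    """Build the RFC 4616 client message: [authzid] NUL authcid NUL passwd, base64."""
    raw = f"{authzid}\x00{username}\x00{password}".encode("utf-8")
    return base64.b64encode(raw).decode("ascii")

def parse_auth_plain(message_b64):
    """Decode an AUTH PLAIN message into (username, password); reject malformed input."""
    parts = base64.b64decode(message_b64, validate=True).split(b"\x00")
    if len(parts) != 3:
        raise ValueError("malformed AUTH PLAIN message")
    return parts[1].decode("utf-8"), parts[2].decode("utf-8")

# Constructed credential store for the example: salted hashes only, never plaintext.
USERS = {"relay-user": hash_password("correct horse battery staple")}
# Dummy record so a lookup of an unknown user costs the same time as a known one.
DUMMY_RECORD = hash_password(os.urandom(16).hex())

def authenticate(message_b64, users=USERS):
    """Delivery-node side: decode AUTH PLAIN, fetch the stored hash, verify it."""
    try:
        username, password = parse_auth_plain(message_b64)
    except (ValueError, UnicodeDecodeError):
        return False
    record = users.get(username, DUMMY_RECORD)
    return verify_password(password, record) and username in users
```

The TLS channel still protects the password in transit, as the earlier reply notes; the hashing only changes what sits at rest on the server.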