EmpowerID provides an easy-to-use password management solution that allows end-users to securely reset forgotten passwords and unlock their user accounts.
Key areas of the functionality provided by the Password Management solution include:
Password Encryption
While EmpowerID's portal can be configured to authenticate users via federation, by default EmpowerID uses itself as an Identity Provider and authenticates users accessing the application via standard username and password submission. User-provided passwords are stored as non-reversible SHA-512 hashes, computed with a unique salt (unique per user and not accessible outside the system). These safeguards make it virtually impossible to reverse-discover a user's password, even if the stored hash is inadvertently exposed. During authentication, the hash is computed with the user-supplied value (and system-supplied salt) and compared to what's stored; the user's password is considered valid if the hashes match. Safeguards are put in place to prevent brute-force attacks that attempt to guess a user's password.
...
| Note |
|---|
EmpowerID strongly recommends you add extra security to your portal by supplementing the default out-of-the-box username and password authentication with MFA and/or Passwordless login. |
Web and Mobile Self-Service Reset
...