|
|
|
|
|
|
by dave_kinde
1159 days ago
|
|
|
That's right, bcrypt2 - we also upgrade imported users passwords to this more secure hashing algorithm if they were previously using something less secure like md5. This is all done transparently on their first login with no impact to the user flow. The self-service export is UI driven at the moment, as exporting passwords requires approval from an additional owner/admin for security. We could definitely extend this to be initiated by API though |
|
|