Plain text password format
severity-critical
cms-settingskey-password-format-is-plain-text
Check Logic
Constant Care for Kentico will ensure the Password format setting is not set to plain text (default)
You can manage your settings for this checkup in the Constant Care for Kentico admin settings.
Resolution
To determine how your users' passwords are being stored, you can navigate to the Settings application and then find the Security & Membership > Passwords General settings.
The password format should be anything other than "Plain text".
We would recommend setting it to "PBKDF2", as this is the strongest security option at this time.
IMPORTANT: This will only change passwords going forward. If you have users with plain text passwords, it would be best to put a plan in place to have your users reset their passwords.
Not sure what to do?
If you are ever unsure about making changes to your site, we encourage you to reach out to your
Kentico Xperience Gold Partner. If you do not have a partner,
then feel free
contact the Constant Care For Kentico team to get connected
with an expert.