Question AAAI-15
Are you storing any passwords in plaintext?
| Weight | 25 |
| High Risk | Yes |
| Required | Yes |
| Compliant Answer | No |
Standard Guidance
EDUCAUSE provides no guidance here
Answering "NO"
EDUCAUSE provides no guidance here
Answering "YES"
Provide a detailed description stating why account passwords/passphrases are not encrypted in storage.
Reason for Question
The focus of this question is confidentiality. It is a straightforward question confirming the encryption of user authentication details.
Follow-Up Inquiries
Follow-up inquiries for password/passphrase encrypted storage will be institution/implementation specific.
HECVAT Pro Advice
[Add expert insights and best practices]
Implementation Tips
[Add practical steps for SME SaaS vendors]
FAQ
[Add common questions related to this HECVAT item]
Resources
[Add links to relevant articles or tools]