nopCommerce & BlindHash
BlindHash™ enhances the password security of the Nop platform, rendering an offline attack virtually impossible. Our extension is the most secure way to protect your customers' passwords and your brand.
WHO SHOULD USE THE PLUGIN?
Any nopCommerce site that stores user passwords should use this plugin, even if you are not storing credit card or financial data. To hackers, your customers' passwords are some of the most valuable data that your site holds, and they should be protected as such. If for any reason you have a breach, then you must assume that your clients' passwords have been compromised. When this happens, you must notify customers and implement a company-wide password reset. With the BlindHash™ plugin, we ensure that this never happens. BlindHash™ completely secures any password, even if your password database is stolen.
HOW DOES IT WORK?
The current nopCommerce application uses a password hashing algorithm called SHA1. BlindHash™ enhances the security of your nopCommerce hashing by implementing our blind hashing technology, which completely secures passwords from offline attacks. The BlindHash™ plugin is easy to install and completely invisible to your users (no password reset). They log in just like they normally would, but behind the scenes, our BlindHash™ servers use a massive pool of secure random data to protect your passwords.
OUR COMPANY SITE IS HOSTED AT A DATA CENTER. DO WE STILL NEED THIS PROTECTION?
Absolutely, you still need it. Hosting sites are typically more secure than standalone installations, but what they secure against is physical and electronic intrusion. The nopCommerce password hashes are stored the same way they would be if you were not using a hosting service. Last year there were 1.093 reported breaches, and many of those were of sites hosted in third-party data centers.