BlindHash™ enhances the password security of the Nop platform rendering an offline attack virtually impossible. Our extension is the most secure way to protect your customers' passwords and your brand.
WHO SHOULD USE THE PLUGIN?
Any nopCommerce site that stores user passwords should use this plugin, even if you are not storing credit card or financial data. Your customers' passwords are some of the most valuable data that your site holds to hackers and should be protected as so. If for any reason you have a breach, then you must assume that your clients' passwords have been compromised. When this happens you must notify customers and implement a company wide password reset. With the BlindHash™ plugin, we ensure that this never happens. BlindHash™ completely secures any password, even if your password database is stolen.
HOW DOES IT WORK?
The current NOPCommerce application uses a password hashing algorithm called SHA1. BlindHash™ enhances the security of your NopCommerce hashing by implementing our blind hashing technology that completely secures passwords from offline attacks. The BlindHash™ plugin is easy to install, and completely invisible to your users (no password reset.) They login just like they normally would, but behind the scenes, our BlindHash™ servers use a massive pool of secure random data to protect your passwords.
OUR COMPANY SITE IS HOSTED AT A DATA CENTER. DO WE STILL NEED THIS PROTECTION?
Absolutely you still need it. Hosting sites are typically more secure than stand alone installations, but they secure against physical and electronic intrusion. The NopCommerce password hashes are stored the same way they are if you are not using a hosting service. Last year there were 1.093 reported breaches and many of those were of sites that were hosted in third party data centers.
INSTALLING THE PLUGIN
You will receive an email with the plugin object code, and an AppID token after submit payment for the plugin. Simply download the plugin object code and copy it into your /Plugins folder. Then follow the standard plugin installation procedures to install. The BlindHash™ plugin is available under the "Authentication" category on the marketplace. Once the plugin is installed, click Configure, and you will enter the AppID token, and click Save.
USING THE PLUGIN
Once the plugin is installed and your AppID is entered, there is nothing left to do. Your passwords will be protected going forward. If your volume of online traffic changes dramatically, you should notify us at firstname.lastname@example.org so we can adjust your limits.