Backendless Support
 
Not a Problem

How does Backendless encrypt stored password ?

I'm using Backendless for a big client and their are concerned for security, so they're asking me which mechanism is used by Backendless to store passwords. So far, the only thing I found is BACKENDLESS FEATURES text which says:

I was expecting to be able to see the password when we query the user info, however, for security Backendless encrypts the password info in a one-way method that even they (or you as the admin of your user table) can’t retrieve. If a user forgets their password, you’ll have to build in the functionality for them to reset it.

To get this information is very important for me, please any hint about it is very much appreciated.

Leave a Comment

Comments (1)

photo
1

Backendless encrypts passwords with a one-way algorithm (MD5 with salt) and stores the encrypted version of it. As a result, it's impossible to decode it back to clear text.

You cannot retrieve your own password and if user forgets what it is, you can use the API to change it.