Fluid Attacks logo
Contact Us
Young hacker smiling
Zero false positives

Expert intelligence + effective automation

Contact logo Contact Us

REQ.127 Store hashed passwords

This document contains the details of the security requirements related to the definition and management of access credentials in the organization. This requirement establishes the importance of defining cryptographic mechanisms to store passwords securely and avoid common attacks.


Passwords must be stored using hash algorithms.


  1. OWASP-ASVS v3.1-2.13 Verify that account passwords are one way hashed with a salt, and there is sufficient work factor to defeat brute force and password hash recovery attacks.

  2. OWASP-ASVS v3.1-2.21 Verify that all authentication credentials for accessing services external to the application are encrypted and stored in a protected location.

Service status - Terms of Use