Skip to content

Commit b5e5ecc

Browse files
AmberAlstonAmberAlston
authored
Merge pull request #3591 from replicatedhq/content-move
Content move
2 parents d306f1f + bdd5934 commit b5e5ecc

File tree

3 files changed

+15
-0
lines changed

3 files changed

+15
-0
lines changed

docs/vendor/vendor-password-integrity.mdx

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,12 @@
1+
# Vendor Password Integrity
2+
3+
This topic describes how Replicated stores your Vendor Portal account password.
4+
5+
## Vendor Portal Account Password
6+
7+
Replicated stores your account password as a bcrypt hash with a cost parameter of 10. This is a non-reversible method that ensures that nobody can view your plain text password.
8+
9+
When you log in, your password is sent to our servers where we calculate a bcrypt hash of the entered password and compare that to the hash we have stored in our database. If these match, access to your account is granted and you are logged in.
10+
11+
The only time we have access to your plain text password is at login and when you change or update your password. During this time, we also calculate a separate, non-reversible hash of your password and [compare it to a list of password hashes](https://blog.cloudflare.com/validating-leaked-passwords-with-k-anonymity/) that are known to have been compromised from other providers. If your password hash is on this list, we will alert you with a banner and a warning. We recommend that you change your password to a securely generated password, preferably one that is not re-used or shared on other sites. We never send your password or the full hash of your password to anyone, including when checking if your password has been compromised.
12+

docs/vendor/vendor-portal-creating-account.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -41,6 +41,8 @@ To create a vendor account:
4141
Replicated recommends that you use a temporary application name for testing because you are not able to restore or modify previously-used application names or application slugs in the Vendor Portal.
4242
:::
4343

44+
For more information on how Replicated stores your username and password information, see [Vendor Portal Account Password Integrity](/vendor/vendor-password-integrity).
45+
4446
## Next Step
4547

4648
Invite team members to collaborate with you in Vendor Portal. See [Invite Members](team-management#invite-members).

sidebars.js

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -878,6 +878,7 @@ const sidebars = {
878878
href: 'https://www.replicated.com/security/'
879879
},
880880
'enterprise/sbom-validating',
881+
'vendor/vendor-password-integrity',
881882
'vendor/replicated-sdk-slsa-validating',
882883
],
883884
},

0 commit comments

Comments
 (0)