How is encryption applied on the network when configuring the password in Strong Authentication?

Article ID: 281276


Products

CA Strong Authentication
CA Advanced Authentication
CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort)

Issue/Introduction

When setting up the password (Username-Password credential) for the first time, what kind of encryption does the Strong Authentication product apply on the network?

Environment

Symantec Strong Authentication 9.1.x

Resolution

Below are the recommendations for encrypting the password on the network when setting up the password:
1. Enable SSL for the Transaction Protocol on the Strong Auth instance and initialize the AA SDK with the SSL configuration on the client side. For more information, please refer to the section Setting Up SSL in the product documentation.
2. Enable TLS 1.2 encryption at the client application server to encrypt all data on the network.

By default, Advanced Authentication uses encryption to protect the password credential. From 9.1SP3, Advanced Authentication lets you create a non-reversible password for the credential at the back-end.

Additional Information

When Microservices or any other calling application communicates with AA, only SHA-1 is supported; SHA-256 is not supported.