CloudFix is dedicated to ensuring the security of its user data, especially when it comes to sensitive information like passwords. This article provides insights into how CloudFix protects the passwords of its users.
Note that this information only applies to users of the CloudFix portal.
CloudFix doesn't use passwords or any other credentials to connect to your AWS Infrastructure (it uses IAM roles instead). See: CloudFix Authorization/Permissions in Customers' AWS Environments.
CloudFix never accesses the passwords of the users of your AWS infrastructure. See: What Client Information is Held by CloudFix and for How Long?
CloudFix uses AWS Cognito for authenticating users who log into the CloudFix portal at app.cloudfix.com.
Password Protection with SRP
AWS Cognito, the authentication backbone for CloudFix, employs the Secure Remote Password (SRP) protocol for user password protection. SRP is a robust cryptographic protocol ensuring that user passwords are not stored in a manner that can be retrieved or exposed.
How SRP Works in AWS Cognito
- Instead of storing user passwords directly, AWS Cognito stores a verifier.
- This verifier allows the system to confirm the authenticity of user credentials without ever receiving or handling the actual password.
- When users attempt to log in, the SRP protocol ensures that their passwords are never sent over the internet, enhancing security.
Are Passwords Hashed?
Yes, the SRP protocol inherently involves hashing passwords. In AWS Cognito's implementation of SRP, passwords are not stored directly. Instead, a verifier (based on the hashed password) is kept, ensuring that even in the unlikely event of a data breach, user passwords remain protected.
CloudFix prioritizes user security by leveraging AWS Cognito and the SRP protocol, ensuring that passwords are never stored in a vulnerable manner. Users can be confident in the safety and confidentiality of their login credentials when accessing the CloudFix portal.