How Machi-Systems Stores Passwords
Machi-Systems uses trusted software platforms, allowing the best possible user experience. Here, we describe the platforms used to power our services and how each platform manages the passwords stored. Please note that most of the passwords stored on our servers are encrypted and hashed using various secure algorithms.
myMachi-Systems (WHMCS and WP)
Machi-Systems uses WHMCS (GoDaddy) and WordPress (WP) for managing sales, provisioning server slots, email dissemination, service announcements, and payment. It uses industry-leading security standards to encrypt and secure your information stored on our servers. The password stored on our servers is hashed using MD5 CSPRNG. See: https://betterstudio.com/blog/wordpress-md5-encrypt/
Machi-Systems Hub (WPMUDEV)
Machi-Systems uses WPMUDEV to power the Machi-Systems Hub. It provides a one-stop hub to manage your Machi-Systems slot by managing your applications and passwords. It also gives you a quick overview of your slot.
Machi-Systems login password
Your login password, used to access your myMachi-Systems profile, is hashed using MD5 CSPRNG. See: https://betterstudio.com/blog/wordpress-md5-encrypt/
Machi-Systems App Passwords
Your app passwords, which use the same password to log in to your installed applications, are stored in plain text and are available only to you and the Machi-Systems support team; this allows the support team to access installed applications whenever a support ticket is submitted. Machi-Systems support staff will not access these installed applications unless you send a support ticket or ask a staff member for this information on the community Discord server via Direct Messages. In such cases, we encourage you to set a temporary password beforehand. Alternatively, on your WordPress install you can accomplish this by downloading the Temporary Login Without Password plugin.
Third-Party App Passwords
Certain applications (for instance, third-party WordPress plugins) are known to store authentication details and sensitive information in plaintext, including passwords and API keys. This behavior is beyond the control of Machi-Systems, and it is at the user’s sole discretion to decide to trust these applications with this data. If you wish to see the behavior of the application in question change, please report the issue to the project maintainers directly. That said, Machi-Systems slots are locked down so that only you can access your data on your slot and not anyone else’s.
How can you help
You can help us to make Machi-Systems more secure by choosing unique and strong passwords for your accounts. Below are some tips on how to choose a strong password:
- Make your password unique.
  - Make sure that you do not use the same password on different sites.
  - Using the same password on different accounts is risky. If your password is compromised for one account, it could lead to access to your email, address, and even your financial information.
- Make your passwords longer and easy to remember.
  - The longer your password, the stronger it will be. Make sure your password is at least 12 characters long.
  - Here are some tips that you can use to create long and memorable passwords:
    - A quote from a movie or film
    - A passage from a book
- Avoid passwords that could be easily guessed by people who know you or anything from easily accessible personal information pages, such as your social media profiles.
  - Avoid passwords that use your personal information such as your nickname, initials, important dates, and others.
  - Do not use common words, keyboard patterns, and phrases such as ‘god’. See The worst passwords of 2020: Is it time to change yours? …The gang is still right 25 years later. #HTP
  - Do not use a word backward, such as ‘321drowssap’, because reversing a word doesn’t improve your password’s security in the slightest.
- Use a password manager.
  - If you have difficulty managing or remembering your passwords, consider using a trusted password manager. Below are our recommendations:
Weak Password Policy
Machi-Systems actively encourages users to use strong passwords for their accounts. Machi-Systems does not hold any responsibility if user accounts are compromised due to weak passwords or the use of the same password on multiple websites. It is common for attackers to use brute force or dictionary attacks to compromise accounts. That is why we highly recommend using lengthy passwords with decent complexity. Please use the strong password tips we have suggested above.
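The password tips above can be expressed as a check run when a password is set. The following is an added example, not Machi-Systems' own code; the function names, the small word list and the keyboard rows are assumptions made for illustration.

```python
import re

MIN_LENGTH = 12  # minimum length recommended in the tips on this page

# Constructed sample deny-list (assumption); a real deployment would load a
# much larger list of commonly used passwords.
COMMON_WORDS = {"god", "password", "letmein", "dragon", "monkey", "welcome"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")


def _has_keyboard_run(pw, run_len=4):
    """True if pw contains run_len adjacent keys of one row, in either direction."""
    for row in KEYBOARD_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run_len + 1):
                if seq[i:i + run_len] in pw:
                    return True
    return False


def check_password(password, personal_info=()):
    """Return the tips the password violates; an empty list means it passes."""
    problems = []
    pw = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 12 characters")
    # Drop digits and punctuation so 'god123!' is still recognised as 'god'.
    letters = re.sub(r"[^a-z]", "", pw)
    if letters in COMMON_WORDS:
        problems.append("common word")
    elif letters[::-1] in COMMON_WORDS:
        # Reversing a word adds no security, so check the reversed form too.
        problems.append("common word spelled backward")
    if _has_keyboard_run(pw):
        problems.append("keyboard pattern")
    # personal_info: nickname, initials, important dates, etc. supplied by the caller.
    for item in personal_info:
        token = item.lower().strip()
        if len(token) >= 3 and token in pw:
            problems.append("contains personal information")
            break
    return problems
```

An empty result only means none of these specific tips was violated; it does not measure how guessable the password is.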
We hope you’ve found this doc useful. Is anything missing? If so, email us at firstname.lastname@example.org and we’ll get it sorted for you.