FAQ #1253: Does hashing of passwords meet the intent of PCI DSS requirement 8.4?

ℹ️

Reference Content: This is a copy of content from the PCI Security Standards Council FAQ database, preserved for tracking changes over time.

View Original →

FAQ #1253 Published Version: 2013-07-23T00:00:00+00:00

Does hashing of passwords meet the intent of PCI DSS requirement 8.4?

Using a strong hashing algorithm to hash the password meets the intent of the PCI DSS requirement 8.4, which is to prevent unintentional disclosure of the passwords through such means as network sniffing.

View original on PCI SSC website View all versions Back to recent changes

Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.