FAQ #1253 Diff
Does hashing of passwords meet the intent of PCI DSS requirement 8.4?
Earlier Version
Yes. Using strong cryptography to hash the password meets the intent of the PCI DSS Requirement 8.2.1, which requires that all authentication factors be rendered unreadable during transmission and storage using strong cryptography.
This requirement is designed to prevent unintentional disclosure of passwords during transmission over the network or during storage.
Later Version
Yes. Using strong cryptography to hash the password meets the intent of the PCI DSS Requirement 8.3.2, which requires that all authentication factors be rendered unreadable during transmission and storage using strong cryptography.
This requirement is designed to prevent unauthorized access to these authentication factors, both in storage and as they traverse the network. When implemented properly, hashing ensures that passwords cannot be easily recovered or misused, even if the data is compromised.
Please refer to the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms for additional information on hashing.
(Note: PCI DSS Requirement numbers refer to PCI DSS version 3)
Disclaimer: This FAQ has been processed for display on this website and may contain errors. Please check the original FAQ on the PCI SSC website for the authoritative version.