Protecting credentials

Local user account passwords are stored using a salted hash; that is, they are combined with a random string, and then the combined value is stored as a hash. A hash is a one-way algorithm that maps a string to a unique value so that the original string cannot be retrieved from the hash.

Passwords are masked in the browser. When transmitted between the appliance and the browser over the network, passwords are protected by TLS.

Local user account passwords must be a minimum of eight characters, with at least one uppercase character. HPE OneView does not enforce additional password complexity rules. Site security policy determines password strength and expiration (see Best practices for maintaining a secure appliance). Hewlett Packard Enterprise recommends that you integrate an external authentication directory service (also known as an enterprise directory) with HPE OneView. The directory service (required with two-factor authentication) enforces password management policies such as minimum length and complexity.
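
The salted-hash storage and the minimum password rule described above, shown as an added example that is not HPE OneView's own code. The page does not name the appliance's hash algorithm, so PBKDF2-HMAC-SHA256, the salt length, the iteration count, and all function names here are assumptions.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Assumptions (not from HPE OneView): PBKDF2-HMAC-SHA256, a 16-byte salt and
# 600,000 iterations. The page does not name the appliance's algorithm.
ITERATIONS = 600_000
SALT_BYTES = 16


def meets_minimum_policy(password: str) -> bool:
    """The rule stated on the page: at least 8 characters, at least 1 uppercase."""
    return len(password) >= 8 and any(c.isupper() for c in password)


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def create_account(store: dict, user: str, password: str) -> bool:
    """Store only (salt, digest); reject passwords below the minimum rule."""
    if not meets_minimum_policy(password):
        return False
    store[user] = hash_password(password)
    return True


if __name__ == "__main__":
    accounts = {}  # constructed sample data
    create_account(accounts, "alice", "Winter2024x")
    create_account(accounts, "bob", "Winter2024x")
    # Same password, different salts, so the stored digests differ.
    print(accounts["alice"][1] != accounts["bob"][1])
    print(verify_password("Winter2024x", *accounts["alice"]))
```

Because each account gets its own salt, two users with the same password end up with different stored values, so one precomputed table cannot be reused across accounts.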