Siebel Security Hardening Guide > Securing Siebel Business Applications > Implementing Password Management Policies >

About Configuring Password Hashing for Users

Password hashing is a critical tool for preventing unauthorized users from bypassing Siebel Business Applications and logging in to the Siebel database directly. It also prevents passwords intercepted over the network from being used to access Siebel Business Applications, because an intercepted hashed password is itself hashed when a login is attempted, leading to a failed login.

Password hashing is not enabled by default in Siebel CRM. It is recommended that you enable password hashing after installing Siebel Business Applications if appropriate for your environment.

Password hashing is enabled by setting the value of the HashUserPwd parameter to True and hashing each user password using the hashpwd.exe utility. For detailed information on enabling password hashing, see Siebel Security Guide.