There are two types of passwords in PortaBilling:
- Web interface password. This password is used in combination with a login to authenticate a user (e.g., admin, end user) who gains access to their web self-care interface.
- Service password. This password is used to authenticate all calls made using the account. It is also used to register a SIP account on a SIP phone/softphone. Only accounts have this password. In the PortaBilling API, a service password corresponds to an h323_password attribute.
To secure password storage, PortaBilling uses hashing and encryption mechanisms. These measures protect users’ passwords if an unauthorized person obtains access to the database.
Hashing performs a one-way password transformation. A password is turned into a hash value (a data chunk of a fixed size). This hash value is unique and stored in a database. When a user attempts to log in, the system takes the password entered and applies the same one-way hash to it. Then the system compares the resulting hash value with the hash value stored in the database. If they match, the user logs in successfully. Hashing is not reversible: it is impossible to transform a hash value back into the original characters.
Highlights:
- Passwords are hashed for:
  - All users that are created via the PortaBilling web interface (My company > Access control > Users), e.g., users with root permissions, administrators, operators.
  - CC staff created by resellers. For example, customer care support employees.
- Web interface passwords are hashed only.
- Passwords are hashed by default. Hashing cannot be turned off.
- Hashed passwords cannot be converted to plain text.
Encryption is a two-way password transformation: an encrypted password can be decrypted back to its original characters. Users whose ACL or role permits them to obtain passwords can obtain them in plain text. For example, an administrator can retrieve an account password in plain text by using the get_account_info API method.
Encryption uses a passphrase along with salt. The passphrase is a key used for encrypting or decrypting passwords. Salt is random data used to randomize output after encryption. Salt complicates the process of deciphering an encrypted password since each salt value is unique, even for two identical passwords.
Passwords encrypted with salt are stored in the database, while the passphrase is stored on several servers. Because encrypted passwords and the passphrase are stored in different places, it is difficult to crack these passwords even if an attacker obtains access to the database.
An administrator can change the passphrase with a CLI utility. For more information, contact PortaOne support. During this procedure, the old encryption passphrase is replaced by a new one. This requires decrypting and re-encrypting all passwords and updating them in the database. During this procedure, account owners can continue using their services as usual, i.e., there is no downtime.
Highlights:
- Passwords are encrypted for the following entities:
- Both web interface passwords and service passwords are encrypted.
- The passwords of vendors and representatives are always stored in plain text.
- Encryption is enabled by default. It can be turned off on the Configuration server (Security.EncryptPasswords option).
- A passphrase can be changed via a console utility.
- Users with the right ACL/role permissions can obtain encrypted passwords in plain text.
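The passphrase-plus-salt scheme and the passphrase change described above, as an added example that is not PortaBilling code. The page does not name the algorithms PortaBilling uses, so the PBKDF2 key derivation and the HMAC-SHA256 counter-mode cipher below are assumptions chosen to run on the Python standard library (a production system would use a vetted AEAD cipher); function names, passphrases and account rows are constructed.

```python
import hashlib
import hmac
import os

def _keys(passphrase: bytes, salt: bytes):
    # Passphrase + per-record salt -> separate encryption and MAC keys.
    km = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=64)
    return km[:32], km[32:]

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): HMAC-SHA256 in counter mode as keystream.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hmac.new(key, ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt(passphrase: bytes, password: str) -> bytes:
    salt = os.urandom(16)  # fresh salt for every stored password
    enc_key, mac_key = _keys(passphrase, salt)
    ct = _xor_stream(enc_key, password.encode())
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return salt + tag + ct  # the database row holds no passphrase material

def decrypt(passphrase: bytes, blob: bytes) -> str:
    salt, tag, ct = blob[:16], blob[16:48], blob[48:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or corrupted record")
    return _xor_stream(enc_key, ct).decode()

def rotate(table: dict, old: bytes, new: bytes) -> dict:
    # Decrypt each row with the old passphrase, re-encrypt with the new one.
    # The new table is built in full first, so a failure leaves `table` intact.
    return {acct: encrypt(new, decrypt(old, blob)) for acct, blob in table.items()}

if __name__ == "__main__":
    OLD, NEW = b"old-passphrase (constructed)", b"new-passphrase (constructed)"
    # Constructed sample rows: two accounts that share the same password.
    db = {"acct-1001": encrypt(OLD, "S1p-Secret"), "acct-1002": encrypt(OLD, "S1p-Secret")}
    print("identical passwords, different rows:", db["acct-1001"] != db["acct-1002"])
    db = rotate(db, OLD, NEW)
    print("readable with new passphrase:", decrypt(NEW, db["acct-1001"]))
    try:
        decrypt(OLD, db["acct-1001"])
    except ValueError as exc:
        print("old passphrase rejected:", exc)
```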
By default, all web interface passwords that are used to log in expire in 30 days. To set another timeframe, go to the Configuration server (Web.Password_expire option). These protection measures increase the security level of users’ passwords stored in a database.
Storing admin web password in browsers
Administrators often store credentials for the PortaBilling web GUI in password managers. The best security practice is to store the passwords encrypted. However, a browser’s password manager does not encrypt passwords by default, and those passwords might be stolen (e.g., by means of malicious software, when the device is lost, etc.). For optimum security in PortaBilling, you can disable storing credentials in browsers’ password managers. Every administrative user must then specify their login and password every time they log in to PortaBilling. To disable storing credentials, set the AllowKeepingCredentialsAdmin option to No on the Configuration server.