Frequently Asked Question

Does hashing of passwords meet the intent of PCI DSS Requirement 8.2.1?
Using strong cryptography to hash the password meets the intent of the PCI DSS Requirement 8.2.1, which is to prevent unintentional disclosure of the passwords during transmission over the network or during storage.
Please refer to the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms for additional information on hashing.
(Note: PCI DSS Requirement numbers refer to PCI DSS version 3)
May 2014
Article Number: 1253
Related
Featured FAQ Articles
Most Recently Updated
-
Is the expectation that any PFI investigation initiated must result in a PFI Final Report?
-
Can SAQ eligibility criteria be used for determining applicability of PCI DSS requirements for assessments documented in a Report on Compliance?
-
Do PCI DSS requirements for keyed cryptographic hashing apply to previously hashed PANs?