Password Policy
Our approach to password security and best practices
At Appbox, we take password security seriously and implement multiple layers of protection for your credentials. This policy explains how we handle passwords and provides guidelines to help you create strong, secure passwords for your Appbox services.
Password Storage at Appbox
Appbox utilizes industry-standard security platforms to deliver a seamless user experience. The following sections detail how we manage passwords across our different systems.
Client Area (WHMCS)
The Appbox Client Area, powered by WHMCS, handles account management, service provisioning, communications, and payments. Your password in this system is securely hashed using Bcrypt, a modern cryptographic algorithm designed specifically for password security.
Appbox Control Panel
Our Control Panel provides a centralized interface to manage your Appbox services, installed applications, and account settings. It's built using secure frameworks with modern authentication standards.
Control Panel Login Password
The password you use to access the Appbox Control Panel is protected using bcrypt, an adaptive hash function based on the Blowfish symmetric block cipher. Our implementation leverages the Phalcon security component which uses PHP's password_hash function with strong work factors to ensure optimal security. This means:
- Each password hash includes a unique salt to prevent rainbow table attacks
- The hashing algorithm is deliberately slow to mitigate brute force attempts
- The work factor (cost) is set to make attacks computationally expensive
- Our system can upgrade to newer algorithms like Argon2i when needed for enhanced security
This industry-standard approach prevents password exposure even in the event of a database compromise.
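The salt, work-factor and algorithm-upgrade points listed above, shown with PHP's password_hash family of functions. This is an added example, not Appbox's or Phalcon's code; the cost of 12, the function names register and login, and the sample password are assumptions made for illustration.

```php
<?php
// Added illustration; not Appbox's or Phalcon's code.
const BCRYPT_COST = 12; // assumed work factor; the policy does not state one

function register(string $password): string
{
    // password_hash() draws a fresh random salt and stores it, together with
    // the algorithm id and cost, inside the returned hash string.
    return password_hash($password, PASSWORD_BCRYPT, ['cost' => BCRYPT_COST]);
}

/**
 * Verify a login attempt. If the stored hash was made with an older algorithm
 * or a lower cost than the current target, also return a replacement hash to
 * persist. $targetAlgo is untyped because PASSWORD_* constants are ints before
 * PHP 7.4 and strings from 7.4 on. Returns [bool $ok, ?string $newHash].
 */
function login(string $password, string $storedHash, $targetAlgo, array $options): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null];
    }
    $newHash = null;
    if (password_needs_rehash($storedHash, $targetAlgo, $options)) {
        // The plaintext is only available at login, so this is the moment to upgrade.
        $newHash = password_hash($password, $targetAlgo, $options);
    }
    return [true, $newHash];
}

$pw = 'correct horse battery staple'; // constructed sample password

// Same password hashed twice: the per-hash salt makes the two strings differ.
$first  = register($pw);
$second = register($pw);
echo "hashes identical: ", var_export($first === $second, true), PHP_EOL;
echo "stored parameters: ", json_encode(password_get_info($first)), PHP_EOL;

// Upgrade target: Argon2i when this PHP build offers it, otherwise a higher bcrypt cost.
$hasArgon = defined('PASSWORD_ARGON2I');
$target   = $hasArgon ? PASSWORD_ARGON2I : PASSWORD_BCRYPT;
$options  = $hasArgon ? [] : ['cost' => BCRYPT_COST + 1];

[$ok, $upgraded] = login($pw, $first, $target, $options);
echo "login ok: ", var_export($ok, true), PHP_EOL;
echo "upgraded to: ", json_encode(password_get_info($upgraded)), PHP_EOL;

[$bad, ] = login('wrong guess', $first, $target, $options);
echo "wrong password accepted: ", var_export($bad, true), PHP_EOL;
```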
Application Passwords
Passwords for applications installed through our Control Panel are stored in plaintext and are accessible to both you and the Appbox support team. This accessibility is necessary to provide technical support when you request assistance. Our support team will only access your applications when you explicitly request help through our official support channels. We recommend setting temporary passwords if you need support with a specific application.
Third-Party Application Passwords
Some applications may store authentication credentials and sensitive information in plaintext as part of their default functionality. This behavior is outside of Appbox's control and is determined by the applications' developers. Your Appbox environment is secured so that only you can access your own data, providing isolation between users despite any application-level password storage limitations.
Password Security Recommendations
You can help strengthen your account security by following these password best practices:
Use Unique Passwords
- Never reuse passwords across different websites or services
- Using the same password for multiple accounts creates significant security risks - if one service is compromised, all your accounts become vulnerable
- Create a different password for each of your Appbox services
Create Strong, Memorable Passwords
- Aim for passwords that are at least 12 characters long
- Consider using:
  - A memorable quote from a movie or book
  - A unique phrase or expression
  - A combination of unrelated words with special characters
- Avoid using:
  - Personal information (birthdays, names, initials)
  - Common words or phrases
  - Simple keyboard patterns (qwerty, 12345)
  - Reversed words or simple substitutions
Enable Two-Factor Authentication
We strongly recommend enabling two-factor authentication (2FA) for your Appbox account:
- 2FA adds an essential second layer of security beyond your password
- Even if your password is compromised, attackers would need the second factor to access your account
- You can enable 2FA on your account security page
- Appbox supports time-based tokens from authentication apps including:
  - Google Authenticator
  - Authy
  - Microsoft Authenticator
  - Duo Mobile
  - And most other standard TOTP-compatible applications
Consider Using a Password Manager
If you struggle to create and remember unique passwords for all your accounts, consider using a reputable password manager. These tools can generate strong passwords and securely store them for you. Some reliable options include:
Weak Password Policy Statement
While Appbox encourages the use of strong passwords, ultimately the security of your account credentials is your responsibility. Appbox cannot be held responsible if your account is compromised due to weak passwords or password reuse across multiple sites. Attackers commonly use brute force or dictionary attacks to compromise accounts with weak passwords. We strongly recommend following the security guidelines outlined above to protect your account and data.