Starting with version 17.0.0, MDaemon can store user passwords using non-reversible encryption. This protects passwords from the MDaemon admin, the server admin, or a possible attacker.
When enabled, passwords have a maximum length of 72 characters. Passwords are also preserved, but not revealed, when importing/exporting to or from an MDaemon server.
Considerations
- APOP and CRAM-MD5 authentication methods will not work with this feature enabled, as they depend on MDaemon being able to decrypt passwords.
- MDaemon's weak password report feature is not compatible with this feature.
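Why the first consideration holds, as an added example (not MDaemon code): CRAM-MD5 and APOP both key a digest with the password itself, so a server that holds only a one-way hash cannot recompute the client's response, while a login that sends the password can still be checked. PBKDF2 stands in for the one-way store as an assumption (the page does not name MDaemon's algorithm), and the password and challenge are constructed sample values.

```python
import hashlib
import hmac
import os

def store_one_way(password: str) -> tuple[bytes, bytes]:
    """Stand-in one-way store (PBKDF2-HMAC-SHA256); an assumption, not MDaemon's algorithm."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def verify_plain(presented: str, record: tuple[bytes, bytes]) -> bool:
    """PLAIN/LOGIN-style check: the client sends the password, the server re-hashes it."""
    salt, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", presented.encode(), salt, 100_000)
    return hmac.compare_digest(candidate, digest)

def cram_md5_response(secret: bytes, challenge: bytes) -> str:
    """RFC 2195: HMAC-MD5 keyed with the shared secret over the server challenge."""
    return hmac.new(secret, challenge, hashlib.md5).hexdigest()

def apop_digest(secret: bytes, timestamp: bytes) -> str:
    """RFC 1939: MD5 over the greeting timestamp followed by the shared secret."""
    return hashlib.md5(timestamp + secret).hexdigest()

def demo() -> dict:
    password = "correct horse battery"                   # constructed sample value
    challenge = b"<1896.697170952@mail.example.test>"    # constructed challenge
    record = store_one_way(password)
    client_cram = cram_md5_response(password.encode(), challenge)
    client_apop = apop_digest(password.encode(), challenge)
    # A server that can recover the password recomputes both digests and they match.
    reversible_ok = (
        hmac.compare_digest(client_cram, cram_md5_response(password.encode(), challenge))
        and hmac.compare_digest(client_apop, apop_digest(password.encode(), challenge))
    )
    # A server holding only the one-way digest has no key that reproduces them.
    stored = record[1]
    return {
        "plain_with_one_way": verify_plain(password, record),
        "cram_apop_with_reversible": reversible_ok,
        "cram_with_one_way": hmac.compare_digest(client_cram, cram_md5_response(stored, challenge)),
        "apop_with_one_way": hmac.compare_digest(client_apop, apop_digest(stored, challenge)),
    }

if __name__ == "__main__":
    print(demo())
```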
To enable storing passwords using non-reversible encryption:
- Select Accounts
- Select Account Settings
- Expand Other
- Select Passwords
- Click the Store mailbox passwords using non-reversible encryption option
- Click Apply
- A pop-up will appear asking you to confirm and stating that this process can take some time, depending on the number of accounts.
- Click Yes to begin converting all passwords into a non-reversible, encrypted state.
- Click OK on the pop-up when the process finishes.
- Click OK to close the Account Settings window.