Updated over a week ago

Ballpark employs industry-standard techniques for password management, encryption, storage, complexity, and reset.

Encryption and storage

Raw passwords are not stored, so there is no way for a Ballpark employee to see the user's password. The Ballpark web application user authentication system uses Bcrypt to hash and salt user passwords. Each password has a uniquely generated salt, and the 'pepper' is stored independently from the database forcing the password's uniqueness, increasing their complexity without increasing user requirements, and mitigating password attacks like hash tables.

Complexity standard

Ballpark requires user passwords to have at least 8 characters.

Secure reset

A user can submit a time-restricted request for a password reset link to be sent to their verified email address in the event that they forget their password.

Password managers

We would encourage all Ballpark customers and users to leverage a password manager to maintain, store, and fill strong passwords when using the product.

Did this answer your question?