FMH Secure Login security information
Usernames and passwords are stored separately from clinical data within the cloud. Passwords are stored as encrypted hashed values and when a patient enters their password we hash that value and compare the hashed values. The passwords themselves are never unencrypted. There is no code within the cloud that would allow us or anyone else to decrypt those passwords.
Similar to our encryption of each patient uniquely, there is a unique salt for each password encryption. So, if someone hacks in to this storage table, they would never get usernames and passwords. They would just see hashed values that mean nothing.