Open SuperOfficeDevNet opened 1 year ago
Also add info about the new hashing algorithm used since 10.2.5:
We have upgraded the hashing to use bCrypt level 12. We have done a thorough analysis of the security concerns and trade-offs related to hashing the customers' passwords, including discussions with our security consultants, and this became our choice. There were some other alternatives, but other considerations such as library availability for various platforms also impacted our choice. The consensus seems to be that bCrypt level 12 makes brute-force virtually impossible, and the built-in salting also protects against rainbow table attacks.
Some customers have security concerns and need to know how service customer center users are authenticated.
This page should detail how service persons are created with a corresponding user_candidate record and the details associated with authenticating them with the customer center.
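An added example, not SuperOffice code and not part of the original issue: a small audit that reads stored password hashes, extracts the bcrypt cost and the embedded per-hash salt, and flags entries that are below level 12, share a salt, or are not bcrypt at all. It assumes hashes are stored in the standard bcrypt modular crypt string format, which the issue does not state; the function names and sample rows are hypothetical and constructed.

```python
import re
from collections import Counter

# Assumption: standard bcrypt string, $2<variant>$<cost>$<22-char salt><31-char digest>
BCRYPT_RE = re.compile(r"^\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})$")
MIN_COST = 12  # "bCrypt level 12" as quoted in the issue


def parse_bcrypt(stored):
    """Split a bcrypt string into its fields, or return None if it is not bcrypt."""
    m = BCRYPT_RE.match(stored)
    if not m:
        return None
    variant, cost, salt, digest = m.groups()
    cost = int(cost)
    if not 4 <= cost <= 31:  # cost range accepted by bcrypt implementations
        return None
    # The cost is a log2 work factor: level 12 means 2**12 key-expansion rounds.
    return {"variant": variant, "cost": cost, "rounds": 2 ** cost,
            "salt": salt, "digest": digest}


def audit(records, min_cost=MIN_COST):
    """Return {user: finding} for every stored hash that needs attention."""
    parsed = {user: parse_bcrypt(h) for user, h in records.items()}
    salt_counts = Counter(p["salt"] for p in parsed.values() if p)
    findings = {}
    for user, p in parsed.items():
        if p is None:
            findings[user] = "not-bcrypt"      # legacy or unknown scheme
        elif p["cost"] < min_cost:
            findings[user] = "rehash-needed"   # upgrade at next successful login
        elif salt_counts[p["salt"]] > 1:
            findings[user] = "salt-reused"     # salts must be unique per hash
    return findings


def _fake(cost, salt_char, digest_char="x"):
    """Build a syntactically valid placeholder string (not a real hash)."""
    return f"$2b${cost:02d}${salt_char * 22}{digest_char * 31}"


# Constructed sample rows, for illustration only.
SAMPLE = {
    "alice": _fake(12, "A"),
    "bob": _fake(10, "B"),
    "carol": _fake(12, "C"),
    "dave": _fake(12, "C", "y"),
    "erin": "0123456789abcdef" * 2,  # unsalted hex digest placeholder
}
```

Because the cost and salt travel inside each stored string, an audit like this needs no access to plaintext passwords, and hashes flagged `rehash-needed` can be upgraded the next time that user logs in successfully.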