Password Policy

How Stores Passwords uses trusted software platforms, allowing you to have the best possible experience. Here, we describe the platforms used to power our services and how each platform manages the passwords stored. Please note that most of the passwords stored on our servers are encrypted and hashed using various secure algorithms.

myUltra (WHMCS) uses WHMCS for managing sales, provisioning of slots, email dissemination, service announcements, and payment. It uses industry-leading security standards to encrypt and secure your information stored on our servers. The password stored on our servers is hashed using Bcrypt. Control Panel (Django) uses Django to power the Control Panel. It provides a one-stop panel to manage your slot by managing your applications and passwords. It also gives the user a quick overview of your slot.

UCP Login Password

Your login password, used to access your UCP profile, is hashed using the PBKDF2 algorithm with a SHA256 hash.

UCP App Passwords

Your app passwords, which are the password used to login to your installed applications, are stored in plain text and are only available to the user and the support team; this is for the support team to access your installed applications whenever you ask for support. support staff would not access said installed applications unless the user sends a support ticket, or asks a staff member for it on the community Discord server via Discord Tickets. In such cases, we would encourage you to set a temporary password prior.

Third-Party App Passwords

Certain applications (for instance, Deluge or SickChill) are known to store authentication details and sensitive information in plaintext, including passwords and API keys. This behavior is beyond the control of, and it is at the user’s sole discretion to decide to trust these applications with this data. If you wish to see the application’s behavior in question change, please report this issue to the project maintainers directly. That said, slots are locked down so that only you can access your data on your slot and not anyone else’s.

How can you help

You can help us to make more secure by choosing unique and strong passwords for your accounts. Below are some tips on how to choose a strong password:

Weak Password Policy is actively encouraging users to use strong passwords for their accounts. does not hold any responsibility if the user account gets compromised due to weak passwords or using the same password at multiple websites. It is common for attackers to use brute force or dictionary attacks to compromise your accounts. That’s why we highly recommend using a decent length of passwords with decent complexity. Please use the strong passwords tips we have suggested in the upper paragraph.

Revision #7
Created 13 November 2020 21:20:14
Updated 11 October 2023 12:53:09 by Varg