Diff: FAQ #1253
Does hashing of passwords meet the intent of PCI DSS requirement 8.4?
Earlier Version
2014-05-29 22:19:00 UTC
Later Version
2025-07-22 19:40:35 UTC
Yes. Using strong cryptography to hash the password meets the intent of the PCI DSS Requirement 8.3.2, which requires that all authentication factors be rendered unreadable during transmission and storage using strong cryptography.
This requirement is designed to prevent unauthorized access to these authentication factors, both in storage and as they traverse the network. When implemented properly, hashing ensures that passwords cannot be easily recovered or misused, even if the data is compromised.
Removed from the earlier version: "which is to prevent unintentional disclosure of the passwords during transmission over the network or during storage."
Please refer to the PCI DSS and PA-DSS Glossary of Terms, Abbreviations, and Acronyms for additional information on hashing.
(Note: PCI DSS Requirement numbers refer to PCI DSS version 3)