Xoxoday Loyalife protects all stored passwords and login credentials using strong, one-way cryptographic hashing algorithms, so authentication data is never retained in a readable or reversible form.
How Xoxoday Loyalife protects stored login credentials
Xoxoday Loyalife applies industry-standard cryptographic hashing to every password before it is written to storage. Hashing is a one-way transformation — even if an attacker gained access to the underlying data store, they would find only irreversible hash values, not usable passwords. This approach aligns with the OWASP password storage guidelines and is a prerequisite for compliance with frameworks such as ISO 27001 and SOC 2 Type II.
Stored hashes are further protected using a unique per-account salt. Salting eliminates the risk of pre-computed rainbow-table attacks, where adversaries try to reverse known hash values en masse. Each credential hash on Xoxoday Loyalife is unique to that account, even if two users happen to choose the same password.
Encryption at rest across the full authentication stack
Beyond password hashing, Xoxoday Loyalife encrypts sensitive authentication metadata — such as session tokens and credential recovery keys — using AES-256 encryption at rest. This means every layer of the login lifecycle, from initial credential storage through session management, is protected by encryption controls that meet enterprise security requirements.
For organisations that connect Xoxoday Loyalife to an enterprise identity provider — such as Workday, SAP SuccessFactors, or Darwinbox via SAML 2.0 or OIDC — passwords are never stored in Xoxoday Loyalife at all. Authentication is delegated entirely to the IdP, and Xoxoday Loyalife receives only an encrypted assertion confirming the user’s identity. This architecture reduces the credential attack surface to zero for SSO-enabled deployments.
Why this matters for enterprise IT and security teams
When your IT or information security team evaluates a new SaaS platform, the handling of stored credentials is typically one of the first controls reviewed. A platform that stores passwords in plain text or uses weak, reversible encoding fails even basic due-diligence checks and creates regulatory exposure under frameworks like GDPR, ISO 27001, and SOC 2 Type II.
Xoxoday Loyalife is designed to satisfy these controls out of the box. Security and procurement teams do not need to request special configuration — strong password hashing and at-rest encryption are applied by default across all tenants. This simplifies vendor risk assessments and supports faster approval from InfoSec reviewers at enterprise organisations.
For teams using collaboration tools such as Slack or Microsoft Teams alongside Xoxoday Loyalife, the same encryption standards apply to any stored credentials used by Loyalife’s integration layer — no integration credentials are persisted unencrypted.
Auditability and compliance evidence
Xoxoday Loyalife’s encryption controls are documented in its SOC 2 Type II report and ISO 27001 certification scope. These artefacts are available to enterprise customers under NDA during procurement to support formal vendor risk assessments and internal audit requirements.
Learn more: Xoxoday Loyalife Help Centre — Security
Data encryption at rest and in transit
Learn how Xoxoday Loyalife applies AES-256 encryption to stored data and TLS 1.2+ to all data in transit across the platform.
SSO and enterprise identity provider integration
Understand how Xoxoday Loyalife integrates with Workday, SAP SuccessFactors, and Darwinbox via SAML 2.0 and OIDC to delegate authentication.