Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

<@U04UQ68083H> I am passing plain text password when i submit a login flow. Do I need encryption?

No, you don't need to encrypt the password when you submit a login flow. When you import a clear text password, you provide the password in the JSON payload. Ory will then hash the password according to the configured password hashing algorithm and store it in the database. Here is an example of how you can do this:  ```json {    "schema_id": "<preset://email>",    "traits": {    "email": "[[email protected]](<https://www.ory.sh/cdn-cgi/l/email-protection>)"    },    "credentials": {    "password": {    "config": {    "password": "the-password"    }    }    }   }   ```  In this example, the password `the-password` will be hashed and stored in the database. The identity will be able to sign in using `[[email protected]](<https://www.ory.sh/cdn-cgi/l/email-protection>)` and `the-password` as credentials.  Please note that password imports don't use any password validation. Users have to update their password according to the policy themselves using self-service flows.  For more information, you can refer to the [Ory documentation](<https://www.ory.sh/docs/kratos/manage-identities/import-user-accounts-identities>).