Hitachi ID Access Certifier is designed to be secure. It is protected using a multi-layered security architecture, which includes running on a hardened OS, using file system access rights, providing strong application-level user authentication, filtering user inputs, encrypting sensitive data, enforcing application-level access rights and storing log data indefinitely.
Access Certifier never requires plaintext passwords to be stored in configuration files or scripts and does not store plaintext passwords anywhere. Access Certifier does not ship with a default administrator password -- one must be typed in at installation time.
These security measures are illustrated in Figure [link].