Asset Bank can optionally encrypt* users passwords before storing them in the Asset Bank database (Note: this is the default behaviour in more recent versions of Asset Bank).
If your Asset Bank is currently storing the passwords in an unencrypted fashion and you would like to change that then take one of the two approaches below...
For newly installed Asset Banks (no new or changed users after installation)
Open <tomcat home>\webapps\asset-bank\WEB-INF\classes\ApplicationSettings.properties in a text editor
Search for the setting 'encrypt-passwords'
Change it's value to true
Save and close the settings file
For Asset Banks that have had users added to them or had existing users modified.
Take a backup of your Asset Bank database
Login to your Asset Bank as an admin user
before version 3.1420: Run the action http://<urlOfAssetBank>/action/encryptPasswords and wait to be redirected back to the homepage after version 3.1420: Run the "Encrypt Passwords" action from the developer page under "Admin > System > Developer" Note: you will not need to change the settings file since the "encrypt password" action will do it for you.
Ask users to test their login to make sure that the encryption has worked and users can still login
If for any reason there are problems with user login after the encryption restore the backup of the database and contact email@example.com
*technically speaking the passwords are salted and one-way hashed.