Customer password migration

>Though nowadays a full-scale shopping cart migration can be performed just within several hours, it is a process of a high back-end complexity. Customer password migration is considered to be among one of the most popular options store owners opt for during the replatforming. By automatically transferring passwords from the Source to the Target store, merchants will save their clients' time and deprive them of the password-recovery hassle. But what differs product from password data migration? In today's post, we'll try to figure out what is so tricky about it and what are the risks of incautious code manipulations.

Cart2Cart provides its users with the ability to migrate passwords, though only for a limited number of shopping carts. In fact, we’ve created a dedicated page with a table of migration pairs within which password migration option is available.

Please note, some of the platforms (e.g., WooCommerce, Magento, Prestashop, Opencart, etc.) require the setup of a special Cart2Cart’s plugin. It should be installed only to the Target Cart.

Please, take time to watch our video tutorial on Customer Password Migration:

Password Migration Obstacles

Being a string of characters used for user authentication, passwords secure secret/private information from those who should not gain access to a resource. Like any other shopping cart data, they are stored on a server allowing customers to login onto their accounts. The fact that a password database is reachable by anyone who can gain access to the server (legally or illegally) leads to the need to keep the passwords securely themselves. And that is when hashing steps in.

Hashing - is the transformation of a string of characters (i.e., password in our case) into a fixed-length value or key that represents the original string. In other words, hashing plays a cryptographic function and puts a "password" on a password. As a cryptographed output is practically impossible to invert (and get the original character string), we get a reliable way to store customer passwords. So what's the migration problem?

Every shopping cart is a unique piece of code written on different programming languages. It uses various technologies and offers distinct possibilities. That's what allows you to choose from (which is good), and that's what puts limitations on data migration (which is bad). As a result, password migration can not be performed between shopping carts that vary in the hashing algorithms they use. Encrypted passwords would not make any sense for a shopping cart that uses a different algorithm, turning them into a bunch of useless character lines.

Customer Password Migration

When Code Migration is Possible?

Nonetheless, customer password transfer is possible provided that:

  1. Target and Source shopping carts use the same hashing algorithm
  2. Target and Source shopping carts both use or both don’t use salt*

*Salt - is a random data that is used as an additional input to a one-way function that hashes a password.

When both of these conditions are fulfilled, passwords can be migrated from the current shopping cart to a desirable one smoothly and correctly. Although, each case still requires individual investigation, as problems with password transfer might occur even because of extensions that in some way affect the database.

Code Manipulation Pitfalls

Another thing worth mentioning is the fact that some of the dishonest market players claim to offer safe customer password migration possibility within a great amount or even all the existing eCommerce solutions. Whenever you hear such a statement, be aware that most probably it is nothing more but cheating.

Considering the fact that password transfer between shopping carts with different hashing mechanisms can't be performed, the only way to do it is to change the encrypting algorithm on one of the platforms. Supposing it is possible, the modification of a cart's source code might cause irrevocable and dramatic harm to your online store. Customer password database vulnerability, extension installation issues, and upgrade inability are objectionable yet possible consequences inflicted by unwary store manipulations.

Bottom Line

To sum it up, password migration is a reality distorted with a bunch of myths. So, if you've decided to make your customers' life more comfortable, choose the Migrate customers' passwords free option in the Migration Wizard. We hope that this material was useful and helped you to understand what stands behind the password migration limitations. If a Target or Source shopping cart is absent in the list of platforms for which the password migration is supported, there is always a plan B - simply ask your customers to recover their passwords after the switch. And remember - safety first!

Also, make sure to use our free Demo Migration option.