Overview
Using clear text passwords in your settings.xml file, which is Maven's default, is a security risk.
This situation worsens if you use LDAP or other authentication integration, since you expose your SSO password in clear and that password is likely to be used for other services, not just Artifactory.
Using Maven's built-in support for encrypted passwords (where the encrypted password is generated on the client side) does not improve the situation:
- The login password is decrypted on the client side, so it ends up in clear text in memory and on the wire (unless SSL is enforced as well).
- The master password used for decryption is stored in clear text on the file system.
- Password encryption is left to the good will of the end-user and there is no way to centrally mandate it.
Artifactory provides a unique solution to this problem by generating encrypted passwords for users based on secret keys stored in Artifactory. You can ensure users' shared passwords are never stored or transmitted as clear text.
You can also set a central policy for using or accepting encrypted passwords. Go to the Admin tab and then Security -> General.

Using Your Secure Password
To secure your password:
- Open your profile page (click on your login name in the upper-right corner) and type in your current password.
- Once the correct password has been entered, your encrypted password is displayed in the Encrypted Password field.
- Copy this value (including the {...} prefix) or use the sample server XML snippet in your settings.xml (you must change the server name to match the ID of your repository).
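As an added example (not code from the Artifactory documentation), the following Python script audits a settings.xml for `<server>` entries whose password lacks the `{...}` prefix and is therefore still stored in clear text. The sample settings.xml and the `{PLACEHOLDER}` value are constructed, and the check is a heuristic: it assumes any `{...}`-prefixed value is an encrypted one.

```python
import xml.etree.ElementTree as ET

# Constructed sample settings.xml (not a real credential file): the first server
# holds a {...}-prefixed value, the second a clear-text password, the third none.
SAMPLE_SETTINGS = """<?xml version="1.0" encoding="UTF-8"?>
<settings xmlns="http://maven.apache.org/SETTINGS/1.0.0">
  <servers>
    <server>
      <id>artifactory-releases</id>
      <username>alice</username>
      <password>{PLACEHOLDER}constructedEncryptedValue==</password>
    </server>
    <server>
      <id>artifactory-snapshots</id>
      <username>alice</username>
      <password>hunter2</password>
    </server>
    <server>
      <id>anonymous-mirror</id>
    </server>
  </servers>
</settings>
"""

def _local_name(tag: str) -> str:
    # Strip the XML namespace so the check works with or without xmlns.
    return tag.rsplit("}", 1)[-1]

def looks_encrypted(password: str) -> bool:
    """Heuristic: an encrypted value starts with a {...} prefix (assumption)."""
    value = password.strip()
    return value.startswith("{") and "}" in value[1:]

def find_clear_text_servers(settings_xml: str) -> list:
    """Return the ids of <server> entries whose <password> is clear text."""
    root = ET.fromstring(settings_xml)
    offenders = []
    for server in root.iter():
        if _local_name(server.tag) != "server":
            continue
        fields = {_local_name(c.tag): (c.text or "") for c in server}
        if "password" not in fields:
            continue  # no stored credential, nothing to leak
        if not looks_encrypted(fields["password"]):
            offenders.append(fields.get("id", "<missing id>").strip())
    return offenders

if __name__ == "__main__":
    print(find_clear_text_servers(SAMPLE_SETTINGS))
```

Run it against a real `~/.m2/settings.xml` by reading the file into `find_clear_text_servers` to find the entries that still need an encrypted value.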
