Skip to main content
All data in your Auth0 tenant is always under your control and is available through the at any time.

User passwords and MFA secrets

The only information which is not available through the API (for security reasons) are the password hashes of your Auth0-hosted database users, MFA secrets, and private keys. You can still request this information by opening a support ticket. This operation is not available for our Free subscription tier, and we are unable to accept or guarantee requests for exports at a specific time and date.

Password hash and MFA secret export process

To request password hashes or MFA secrets, open a support ticket. For security purposes, Auth0 requires the following before the export can be provided:
  • Your acknowledgment of the procedure and authorization to export passwords and/or MFA secrets from your tenant
  • Confirmation from at least one additional tenant admin
  • A signed Hashed Password and MFA Secret Export Acknowledgement form. This form MUST be signed by a CISO, CSO, or have an executive level signature (VP or above) in your organization. Typing in a name is not acceptable.
  • Your PGP public key for encryption
The export will be encrypted using your PGP public key and delivered via a secure service called SendSafely. The file is automatically removed from the hosting service after 7 days.
For step-by-step instructions on generating your PGP keys and decrypting the export, see PGP Encryption Guide for Secure Data Export.

Custom database connections

If you store user passwords in your database, set up a custom database connection which Auth0 will query each time a user logs in. In this case, Auth0 will never store any password hashes, unless you choose to progressively migrate users to Auth0.

Auth0 components

Auth0 primarily uses Connect (OIDC) as its authentication protocol, so you should be able to implement an integration to your application using standard libraries. The same situation applies when integrating Auth0 through SAML. All of Auth0’s SDKs, libraries, and samples are published on GitHub as free software.

Social identity providers

If you choose not to use Auth0 but want to keep using the same and secrets for your social , you will retain access to user information without needing to display new consent dialogs.

Custom code

All of Auth0’s custom code features (rules, custom database scripts, custom OAuth connections, and so on) run on a Node.js sandbox service. All libraries available on the sandbox service are also available on npm for use with standard Node.js code.

Additional resources

Learn more