The DoXM server uses Microsoft's Identity system for handling authentication. User accounts
and passwords are handled by Microsoft's code libraries that are built into ASP.NET Core.
Identity does not save passwords on the server. They are obscured in a way that cannot
be reversed, but can only be used to determine if subsequent login attempts are the same
as the original password used to create the account. The password itself cannot be
You can learn more about Identity on Microsoft Docs.
Data pertaining to computers using the DoXM service is only kept for three months, then it
is permanently deleted. No information about the computers, commands sent, or results are