You can set a central policy for using or accepting encrypted passwords in the Administration module under Security | Settings by setting the Password Encryption Policy field.
The behavior according to the Password Encryption Policy setting is as follows:
|The system can receive requests with encrypted password (default).|
|The system requires an encrypted password for every authenticated request.|
|The system rejects requests with encrypted password.|
To secure your password:
The encryption mechanisms of the Oracle and IBM JDKs are not identical. Switching from one to another will make your encrypted password obsolete.
Some of the IBM JRE/JDK are shipped with a restriction on the encryption key size (mostly for countries outside the US); This restriction can be officially removed by downloading unrestricted policy files from IBM and overriding the existing ones: