16.5. Passwords

The authentication information is stored on disk in a file called OPC DataHub.auth in the same directory as the OPC DataHub.cfg configuration file. This is typically in the directory C:\Documents and Settings\User Name\Application Data\OPC DataHub. Passwords are stored in this file using a reasonably strong non-reversible encryption. If a user forgets his password, it is not recoverable.

When a password is associated with a mirror/tunnel connection, it is stored in a weakly encrypted form on disk, in the OPC DataHub.cfg file. Because this encryption is reversible, anyone who can read the file can recover the password, so a good security policy is to deny untrusted users access to this file.
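One way to check and enforce that policy, as an added example that is not part of the DataHub product or its documentation: the PowerShell script below reports every account outside a trusted set that is allowed access to the two files named above and, with -Fix, restricts each file to that set. The $env:APPDATA location, the trusted account names (as spelled on English-language Windows), the assumption that the DataHub runs as the current user, and the parameter names are all assumptions.

```powershell
# Added example. Assumptions: files live under %APPDATA%\OPC DataHub, the DataHub
# runs as the current user, and account names are those of English-language Windows.
param(
    [string]$ConfigDir = (Join-Path $env:APPDATA 'OPC DataHub'),
    [string[]]$Trusted = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
                           "$env:USERDOMAIN\$env:USERNAME"),
    [switch]$Fix
)
$ErrorActionPreference = 'Stop'   # never write a half-built ACL after an error

$files = 'OPC DataHub.cfg', 'OPC DataHub.auth' | ForEach-Object { Join-Path $ConfigDir $_ }

foreach ($path in $files) {
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Not found: $path"
        continue
    }
    $acl = Get-Acl -LiteralPath $path

    # Any Allow entry for an identity outside the trusted list can read the
    # reversibly encrypted tunnel password (.cfg) or copy the password file (.auth).
    $extra = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $Trusted -notcontains $_.IdentityReference.Value
    }
    foreach ($rule in $extra) {
        [pscustomobject]@{
            File      = $path
            Identity  = $rule.IdentityReference.Value
            Rights    = $rule.FileSystemRights
            Inherited = $rule.IsInherited
        }
    }

    if ($Fix -and $extra) {
        # Stop inheriting from the parent directory (dropping inherited entries),
        # remove the remaining explicit entries, then grant only the trusted set.
        $acl.SetAccessRuleProtection($true, $false)
        $acl.Access | ForEach-Object { [void]$acl.RemoveAccessRule($_) }
        foreach ($id in $Trusted) {
            $type = 'System.Security.AccessControl.FileSystemAccessRule'
            $rule = New-Object $type -ArgumentList $id, 'FullControl', 'Allow'
            $acl.AddAccessRule($rule)
        }
        Set-Acl -LiteralPath $path -AclObject $acl
    }
}
```

Run it without -Fix first and review the report before changing any permissions.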

When a password is transmitted across the network, it is transmitted in plain text. This is necessary to accommodate the variety of clients that could generate an authentication request. If the network is itself insecure, it is advisable to use a VPN (Virtual Private Network) or an SSH tunnel in order to encrypt the network traffic.