The SugarCRM credential i.e. user name and hash password are stored in the browser localStorage. The credentials are used to authenticate your SugarCRM server. Your SugarCRM credentials remain within your browser, and are never sent to any server, including our Yathit login server. Moreover, to prevent casual inspection of the credentials, they are encrypted with RC4 cipher with SHA1 hash and salt.