

Ask HN: Securing passwords for client systems my app must access - pplante

The application I am developing must login to a few third party websites on behalf of the end user.  These are enterprise ASP.NET apps that were written in 2001 and probably never updated, its bad.<p>I have to store the username/password for these systems somewhere within my applications database.  Storing passwords in plain text scares the crap out of me.  So HN what is the best way for me to balance security concerns here?
======
tobylane
Offer for the user to make a certificate or personal salt, have them email it
to themselves and put it in dropbox and backup their iPhone. Use that and a
salt from you in a two-way hash.

