Hacker News new | comments | show | ask | jobs | submit login
Ask HN: Securing passwords for client systems my app must access
2 points by pplante 1746 days ago | hide | past | web | 1 comment | favorite
The application I am developing must login to a few third party websites on behalf of the end user. These are enterprise ASP.NET apps that were written in 2001 and probably never updated, its bad.

I have to store the username/password for these systems somewhere within my applications database. Storing passwords in plain text scares the crap out of me. So HN what is the best way for me to balance security concerns here?

Offer for the user to make a certificate or personal salt, have them email it to themselves and put it in dropbox and backup their iPhone. Use that and a salt from you in a two-way hash.

Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact