Ask HN: How should you store passwords for authentication against 3rd partys?
There's been a lot of stuff recently about hashing/salting/mashing/crushing/blending etc. passwords for authentication, but what if your application needs access to the plain text passwords. Say, it authenticates with a third party service that requires you to send a username and password to authenticate (I.E. authenticating with a users IMAP/SMTP email account or logging in to their Twitter).<p>Lets ignore the server/database part of this (though that is, of course, important). How should your application store these authentication details in a way where, if your server was compromised and the hackers had access to the database AND application code?
1 comment
[ 2.4 ms ] story [ 22.3 ms ] threadThe only way around this that I can see is just using a different method of authentication.