Ask HN: Storing Credentials Securely
I know that storing plain-text passwords in your database is a no-no; for login credentials, the typical solution is to store a hashed password (preferably with some entropy or salt). But what about sites that store your credentials for other services or sites? I'm thinking about things like Mint (www.mint.com). Since hashing is a one-way function, they can't hash my credentials. So are they encrypting it, and hopefully somehow keeping their encryption algorithm/data safe? Is it even possible for the encryption algorithm to be REALLY safe? What's the best practice for doing this sort of thing?
I'd really like to hear your thoughts, since I'm a little nervous about giving people my banking credentials, but also because it seems like this sort of thing is going on more and more with aggregator-type services (things like Friendfeed).
6 comments
[ 2.9 ms ] story [ 24.5 ms ] threadAs for another site storing your passwords, I'd at least hope they'd store it encrypted, but trusting someone else is a matter of, um, trust. Who knows, it could be in a text file called passwords on the root.
That's what I'm using on FragTweet.com. To be clear, the service has to let you use it, but its still better than storing passwords. You get an authorization token from the target service that lets you authenticate as that user for certain actions which you can then store. At any time the user can deactivate the token through the service's control panel. Very slick, although not quite finished.
They don't retain your own credentials; they've even said they don't retain exact knowledge of who you are -- just how to get your transaction stream and attach it to your Mint reports.
Apparently, they leverage the preexisting service for doing this established by Yodlee, a company that dates back to the first net boom and initially had a multi-account dashboard that did login for you, but evolved to a service for doing this in a more secure way.
[1] my understanding based on the link timf provided in this prior thread -- http://news.ycombinator.com/item?id=412715 -- and other research around that time