Best practices for storing and using 3rd party passwords?

Adam Fields cryptography23094893 at
Mon Apr 26 17:52:34 EDT 2010

I'm looking for a best practices guide (for a system architecture) or
case studies for how best to handle storing and using 3rd party

Specifically, I'm interested in the case where a program or service
needs to store a password in such a way that it can be used (presented
to another service on behalf of the user), which precludes using a
hash or other obfuscated password. Obviously this is a security risk,
but I'm looking for ways to minimize that risk, and tips on how to
design a system that can use those passwords as it needs to but still
minimize the chances of passwords being compromised.

(I understand that storing passwords is not in itself a great idea,
but in practice it's still required to access some web services where
OAuth or the like is not yet supported.)

Does anyone have a good reference for this?

				- Adam
If you liked this email, you might also like:
"HTML5 presentation in HTML5" 
"Cooking at home is different" 
"Brooklyn Botanic Garden" 
"fields: @jacqui Get an ez-pay metrocard and never worry about refilling or los..." 
** I design intricate-yet-elegant processes for user and machine problems.
** Custom development project broken? Contact me, I can help.
** Some of what I do:

[ ].. Experience
[ ] .. Latest Venture
[ ] ................ Founder

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list