Best practices for storing and using 3rd party passwords?

Adam Fields cryptography23094893 at aquick.org
Mon Apr 26 17:52:34 EDT 2010


I'm looking for a best practices guide (for a system architecture) or
case studies for how best to handle storing and using 3rd party
passwords.

Specifically, I'm interested in the case where a program or service
needs to store a password in such a way that it can be used (presented
to another service on behalf of the user), which precludes using a
hash or other obfuscated password. Obviously this is a security risk,
but I'm looking for ways to minimize that risk, and tips on how to
design a system that can use those passwords as it needs to but still
minimize the chances of passwords being compromised.

(I understand that storing passwords is not in itself a great idea,
but in practice it's still required to access some web services where
OAuth or the like is not yet supported.)

Does anyone have a good reference for this?


-- 
				- Adam

---------------------------------------------------------------------
The Cryptography Mailing List