There's a general consensus on how to store passwords if you have to validate them yourself (i.e. hash + salt (+ pepper)). However, I am building an application which logs users into some service X to do actions A, B, C repeatedly for them.

How would one store passwords in this case? Even if they are encrypted, there has to be a 1-to-1 conversion if one wants to log them into service X.

Rainymood

1 Answer

There is no safe way to store passwords that can be decrypted into their plain text form.

The OAuth2 protocol offers a solution for your use case.

It asks the user to authenticate and then issues your application an access token (and potentially a refresh token) that allows your application to access resources or act on behalf of the user.

MvdD
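To make the answer's point concrete, here is an added example (not code from the answer's author or from any OAuth2 library) of the token-based pattern it describes: a toy authorization server that issues a short-lived access token plus a refresh token, and a client application that stores only those tokens per user, never the password. The server, its endpoints, the token lifetimes and the user "alice" with her credentials are all constructed for the demo. Actions A, B and C from the question are modelled as scopes, so the client can only do what the user consented to, the access token expires and is renewed from the refresh token, and revoking the refresh token cuts the client off without the user ever changing a password.

```python
import hashlib
import secrets
import time

# Constructed demo account for the sample authorization server (not a real user).
_USERS = {"alice": "correct horse battery staple"}

ACCESS_TOKEN_TTL = 3600   # seconds an access token stays valid (assumed value)
AUTH_CODE_TTL = 60        # seconds an authorization code stays valid (assumed value)


def _hash_password(password: str, salt: bytes) -> bytes:
    # The server itself only keeps a salted PBKDF2 hash, never the plaintext.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


class AuthorizationServer:
    """Toy OAuth2-style authorization + resource server (simplified, assumed flow)."""

    def __init__(self, clock=time.time):
        self.clock = clock                  # injectable clock so expiry can be simulated
        self._users = {}
        for name, pw in _USERS.items():
            salt = secrets.token_bytes(16)
            self._users[name] = (salt, _hash_password(pw, salt))
        self._codes = {}     # auth code -> (user, client_id, scope, expiry)
        self._access = {}    # access token -> (user, scope, expiry)
        self._refresh = {}   # refresh token -> (user, client_id, scope)

    def authorize(self, username, password, client_id, scope):
        """The user authenticates at the server; the client only ever sees a code."""
        salt, stored = self._users.get(username, (secrets.token_bytes(16), b""))
        if not secrets.compare_digest(_hash_password(password, salt), stored):
            raise PermissionError("bad credentials")
        code = secrets.token_urlsafe(24)
        self._codes[code] = (username, client_id, frozenset(scope), self.clock() + AUTH_CODE_TTL)
        return code

    def _issue_access(self, user, scope):
        tok = secrets.token_urlsafe(32)
        self._access[tok] = (user, scope, self.clock() + ACCESS_TOKEN_TTL)
        return tok

    def exchange_code(self, code, client_id):
        """Token endpoint: trade a one-time code for an access token and a refresh token."""
        user, owner, scope, expiry = self._codes.pop(code, (None, None, None, 0))
        if user is None or owner != client_id or self.clock() > expiry:
            raise PermissionError("invalid or expired code")
        refresh = secrets.token_urlsafe(32)
        self._refresh[refresh] = (user, client_id, scope)
        return {"access_token": self._issue_access(user, scope), "refresh_token": refresh}

    def refresh(self, refresh_token, client_id):
        """Rotate the refresh token and mint a fresh access token."""
        entry = self._refresh.pop(refresh_token, None)
        if entry is None or entry[1] != client_id:
            raise PermissionError("invalid refresh token")
        user, _, scope = entry
        new_refresh = secrets.token_urlsafe(32)
        self._refresh[new_refresh] = entry
        return {"access_token": self._issue_access(user, scope), "refresh_token": new_refresh}

    def revoke(self, refresh_token):
        """The user withdraws consent: no further access tokens can be obtained."""
        self._refresh.pop(refresh_token, None)

    def call_api(self, access_token, action):
        """Resource endpoint: accept the token only if unexpired and scoped for the action."""
        user, scope, expiry = self._access.get(access_token, (None, frozenset(), 0))
        if user is None or self.clock() > expiry:
            raise PermissionError("expired")
        if action not in scope:
            raise PermissionError("out of scope")
        return f"{action} done for {user}"


class ClientApp:
    """The application from the question: keeps tokens per user, never a password."""

    def __init__(self, server, client_id="demo-client"):
        self.server = server
        self.client_id = client_id
        self.tokens = {}   # user -> {"access_token": ..., "refresh_token": ...}

    def connect(self, user, code):
        self.tokens[user] = self.server.exchange_code(code, self.client_id)

    def act(self, user, action):
        """Perform one of the repeated actions; renew the access token if it has expired."""
        t = self.tokens[user]
        try:
            return self.server.call_api(t["access_token"], action)
        except PermissionError as e:
            if str(e) != "expired":
                raise
        # Expired: the stored refresh token replaces what a stored password would have done.
        self.tokens[user] = self.server.refresh(t["refresh_token"], self.client_id)
        return self.server.call_api(self.tokens[user]["access_token"], action)
```

The thing to notice is what `ClientApp.tokens` contains: only opaque, revocable, scope-limited tokens. A compromise of that store lets an attacker do A and B for alice until the user revokes consent, which is a much smaller blast radius than a reversibly encrypted password that would grant everything, forever, across every service where it is reused.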