We're using two-step authentication on a web app, which consists of:

1- Username/password
2- Memorable-word

The password is hashed and then stored, whereas the memorable-word is stored as it is. Obviously, it is as important as the password. Do you recommend encrypting it and then storing it, or leaving it as it is?

iseenoob
  • So how is the memorable word different from a second password? I cannot see an advantage in requiring a second password; it is safer if the user invests this effort in choosing a stronger first password. – martinstoeckli Feb 22 '18 at 12:23
  • @martinstoeckli A strong password is a must; however, in case the user's password gets exposed, the memorable-word will be the savior. It is not a second factor but a second step, like a gate and a door irl. – iseenoob Feb 22 '18 at 14:44

0 Answers