I'm looking for a best practices guide (for a system architecture) or case studies for how best to handle storing and using 3rd party passwords.
Specifically, I'm interested in the case where a program or service needs to store a password in such a way that it can be used (presented to another service on behalf of the user), which precludes using a hash or other obfuscated password. Obviously this is a security risk, but I'm looking for ways to minimize that risk, and tips on how to design a system that can use those passwords as it needs to but still minimize the chances of passwords being compromised. (I understand that storing passwords is not in itself a great idea, but in practice it's still required to access some web services where OAuth or the like is not yet supported.)

Does anyone have a good reference for this?

--
- Adam

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com