When authentication to an external system is done by password, this password corresponds to the access credential for that system - that is, to authenticate with it, you need to present that password in its original format. For this reason, whatever medium the program uses to store this password, the process must necessarily be reversible (i.e. it must be possible to obtain the original password from whatever has been stored on disk).
The problem is: how to protect this password? Hashing it is not an option, because hashes are not reversible. You could encrypt it, but where would you store the key? If the key is in a file next to the encrypted password, this is the same as locking your door and leaving the key in the lock ... You could also save this key on an external storage device and ask the user to insert it every time he wants to use the saved password, but then what is the advantage of memorizing the password? Just save it on the external device at once ... In the same way, if you encrypt the saved password with another password, you avoid having to enter one password but then have to type another one; what is the advantage? ...
(I speak from a user's point of view, of course - you can have advantages in using a "master password" that unlocks access to all your saved passwords, e.g. give this option Or you can use a < but usually only those who are most concerned about security do this; the average user only wants not to have to type the password and that's it!)
Because of this, most programs that store passwords from other services (and in this case, it helps the discussion to refer to them not as "passwords", but rather as
25.09.2014 / 23:18
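The trade-off described in the answer above, as an added example that is not part of the original answer: layout A keeps the key in a file next to the encrypted credential, layout B derives the key from a master password. The file names, sample passwords and the toy stdlib-only cipher are assumptions made for illustration.

```python
import hashlib, hmac, os, tempfile
from pathlib import Path

# Toy cipher (HMAC-SHA256 keystream plus tag) so the example needs only the
# standard library; an assumption for illustration, use a vetted AEAD in real code.
def _stream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    body = bytes(x ^ y for x, y in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, b"tag" + nonce + body, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted file")
    return bytes(x ^ y for x, y in zip(body, _stream(key, nonce, len(body))))

def kdf(master, salt):
    return hashlib.pbkdf2_hmac("sha256", master.encode(), salt, 200_000)

def save_key_beside(d, password):           # layout A: key file next to the ciphertext
    key = os.urandom(32)
    (d / "key.bin").write_bytes(key)
    (d / "cred.bin").write_bytes(seal(key, password.encode()))

def save_with_master(d, password, master):  # layout B: key exists only while the user types it
    salt = os.urandom(16)
    (d / "salt.bin").write_bytes(salt)
    (d / "cred.bin").write_bytes(seal(kdf(master, salt), password.encode()))

def load(d, master=None):
    """Recover the credential from the files in d, plus a master password if one is given."""
    if (d / "key.bin").exists():            # layout A: the disk contents are sufficient
        key = (d / "key.bin").read_bytes()
    elif master is None:
        raise PermissionError("files alone are not enough; master password needed")
    else:
        key = kdf(master, (d / "salt.bin").read_bytes())
    return unseal(key, (d / "cred.bin").read_bytes()).decode()

def demo():
    with tempfile.TemporaryDirectory() as a, tempfile.TemporaryDirectory() as b:
        a, b = Path(a), Path(b)
        save_key_beside(a, "s3rvice-pw")    # constructed sample values
        save_with_master(b, "s3rvice-pw", "master-pw")
        return load(a), load(b, "master-pw")
```

In layout A, `load` needs nothing the user knows, so the encryption adds no protection against anyone who can read both files; layout B closes that gap at the cost of the extra prompt the answer mentions.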