Msg#: 4194761 posted 9:11 pm on Aug 31, 2010 (gmt 0)
I'm curious to if there is a reliable way to securely store passwords in a database that aren't plain-text that are used to access third party websites? In example I salt and pepper passwords, hash them, and then compare hashes however you can't send a hashed password to a third party and expect it to work though at the same time you don't want to store passwords as plain text at the risk of giving away all of a company's passwords should the database be stolen or compromised?
Msg#: 4194761 posted 10:35 pm on Aug 31, 2010 (gmt 0)
I'm not trying to do this though yes. I've seen sites that want to take your authentication credentials for third parties (you are first, they are second, credentials are third party) and store them in their database so they don't request the same credentials over and over again.