Storing encrypted passwords

My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences.

One of us takes the viewpoint that:

  • Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the future in case of a merger or acquisition.
  • Only the CEO/CTO would have access to the private key, and it would only be used when necessary. Regular login validation would still occur via the hashed password.
  • I have/he has done this before in previous companies and there are many sites out there that do this and have survived security audits from Fortune 500 companies before.
  • This is a common and accepted practice, even for financial institutions, thus there is no need to explicitly state this in the privacy policy.
  • Sites like Mint.com do this.

The other one of us takes the following viewpoint:

  • Storing passwords, even in encrypted form, is an unnecessary security risk and it's better to avoid exposure to this risk in the first place.
  • If the private key falls into the wrong hands, users that use the same password across multiple sites would risk having all of their logins compromised.
  • This is a breach of trust of our users, and if this practice is implemented, they should be explicitly informed of this.
  • This is not an industry-wide practice and no big name sites (Google, Yahoo, Amazon, etc.) implement this. Mint.com is a special case because they need to authenticate with other sites on your behalf. Additionally, they only store the passwords to your financial institutions, not your password to Mint.com itself.
  • This is a red flag in audits.

Thoughts? Comments? Have you worked at an organization that implemented this practice?
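The stated reason for the encrypted copy is future integration with another authentication system. As an added example (not from the question or either coworker), this shows the usual alternative: tag each stored hash with its algorithm and re-hash under the current scheme the next time the user logs in, so no decryptable password is ever kept. User records, algorithm choices and cost parameters here are constructed assumptions.

```python
import hashlib
import hmac
import os

# Constructed record format: "algorithm$salt_hex$hash_hex". The algorithm tag is
# what allows migration to a new scheme at next login without a decryptable copy.

def hash_pbkdf2(password, salt=None):
    """Legacy scheme (assumed): PBKDF2-HMAC-SHA256, 100k iterations."""
    salt = salt or os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return "pbkdf2$" + salt.hex() + "$" + dk.hex()

def hash_scrypt(password, salt=None):
    """Current scheme (assumed): scrypt with n=2^14, r=8, p=1."""
    salt = salt or os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1)
    return "scrypt$" + salt.hex() + "$" + dk.hex()

CURRENT = "scrypt"
HASHERS = {"pbkdf2": hash_pbkdf2, "scrypt": hash_scrypt}

def verify(password, record):
    """Recompute the stored record from the candidate password and compare
    in constant time; works for every algorithm the record may be tagged with."""
    alg, salt_hex, _ = record.split("$")
    recomputed = HASHERS[alg](password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(recomputed, record)

def login(users, username, password):
    """Verify against the stored hash only. On success, a record still in a
    legacy scheme is upgraded using the plaintext the user just supplied, which
    is the only moment the plaintext is legitimately available."""
    record = users.get(username)
    if record is None or not verify(password, record):
        return False
    if not record.startswith(CURRENT + "$"):
        users[username] = hash_scrypt(password)  # migrate on login
    return True
```

The same pattern covers a merger: the acquiring system's verifier accepts the legacy tag and re-hashes to its own scheme on first successful login, leaving dormant accounts to a forced reset.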
