Storing encrypted passwords

My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences.

One of us takes the viewpoint that:

  • Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the future in case of a merger or acquisition.
  • Only the CEO/CTO would have access to the private key, and it would only be used when necessary. Regular login validation would still occur via the hashed password.
  • I have/he has done this before in previous companies and there are many sites out there that do this and have survived security audits from Fortune 500 companies before.
  • This is a common and accepted practice, even for financial institutions, thus there is no need to explicitly state this in the privacy policy.
  • Sites like Mint.com do this.

The other one of us takes the following viewpoint:

  • Storing passwords, even in encrypted form, is an unnecessary security risk and it's better to avoid exposure to this risk in the first place.
  • If the private key falls into the wrong hands, users that use the same password across multiple sites would risk having all of their logins compromised.
  • This is a breach of trust of our users, and if this practice is implemented, they should be explicitly informed of this.
  • This is not an industry-wide practice and no big name sites (Google, Yahoo, Amazon, etc.) implement this. Mint.com is a special case because they need to authenticate with other sites on your behalf. Additionally, they only store the passwords to your financial institutions, not your password to Mint.com itself.
  • This is a red flag in audits.

Thoughts? Comments? Have you worked at an organization that implemented this practice?