How to store a password securely?

qwertzguy

qwertzguy

New member
Joined
Jul 24, 2008
Messages
2
Programming Experience
1-3
Hello,

I have an application that has to login on an online service.
And I want peoples to be able to store their password for that online service in my application so that they don't need to enter it each time they launch my application.

The thing is how do I store this password safely? So that someone that has access to the computer cannot find the password.

Because if I encrypt the password and put it somewhere (registry or a file) then I'll have to encrypt it with fixed passphrase, and thus, anyone who would do disengeneering/decompiling of my application (which is quite easy with VB .Net applications) would know the passphrase and would then be able to make a program to automatically fetch and decrypt the password stored by my application on the computer.

I want a system like the one used by Windows Live Messenger or Outlook to store passwords in a secure way.


Thank you for your advices and help!
 
Sort by date Sort by votes
well...

ok man, idk u could go to the microsoft developers network site and find a few samples. here is a link to the site,

http://msdn.microsoft.com/en-us/library/eha65w94.aspx Visual Basic Security Samples

uhm, most programs are decryptable, so just make a strong encryption of your own, or do something like send it securely to the server, and the server sends an encrypted version of it to store on the computer, but thats also dangerous, but at least someone couldnt just break the code from the application that encrypts it and then decrypt it, they'd have to get to your server computer(which should be equipped with many firewalls, for security reasons) like i'd get behind a router, or sonicwall or something to block all ports, except those you'd want open, and then your personal firewall on your computer(windows firewall) and then some kind of program that reads any incoming data to the computer that came through the firewalls on open ports, and forwards the information to your program if you deem it neccessary. but there are plenty of security samples out there, and i would also "implemenent" the IDisposable method too, just for more security reasons on the client side, ok give me feedback
 
Upvote 0 Downvote
Hello joedeene,

Thanks a lot for your help.
I'll check out the link you gave me and think about the idea of using a distant server for encrypting. (the only problem is that i'll need to use the same server for decrypting I guess, otherwise I'll need to have the decryption method in my program which then makes it unsafe again.)

I'll tell you about how things will go on.


Thanks.
 
Upvote 0 Downvote

Similar threads

Jonathan1994
  • Question
creating a quotation (estimate) system and saving to a access database, but cant get passed on how to save the quote and multiple line items.
Replies
3
Views
918
jmcilhinney
jmcilhinney
A
  • Solved
Resolved Store the actual bitmap data in the resx file
Replies
7
Views
2K
jmcilhinney
jmcilhinney
OldDad
  • Question
Please - How to build app for win8 on win10 machine
Replies
5
Views
2K
OldDad
OldDad
RobertAlanGustafsonII
  • Solved
Question How can my desktop app download and install another app?
Replies
5
Views
1K
RobertAlanGustafsonII
RobertAlanGustafsonII
G
  • Question
Question How to create multiple user accounts in database
Replies
3
Views
2K
chrisjlocke1
chrisjlocke1

Share this page

Latest posts

Back
Top