How to store a user's password to another web application

Posted by Horace Loeb on Stack Overflow See other posts from Stack Overflow or by Horace Loeb
Published on 2010-04-04T02:34:49Z Indexed on 2010/04/04 2:43 UTC
Read the original article Hit count: 514

Filed under:

password-storage

|

passwords

I'm building a web application that shows users interesting visualizations of their Gmail activity (who they're emailing the most, etc). Obviously the user needs to give me his Gmail password to use the application, and I'm wondering how I should store it:

Store the Gmail password in plaintext. Risky!
Don't store the Gmail password at all; force the user to enter it every time he wants to sync data. Potentially inconvenient!
Encrypt the Gmail password before storing it. The user's password to my application is the key.

Something like (3) seems best, but with (3) I can only sync data when the user logs in (since I won't know his password to my application at any other time), which isn't ideal. I'd prefer a Mint.com-like solution whereby the user can click a button to sync data from Gmail at any time without re-entering his password (any idea how Mint accomplishes this without storing your banking passwords?)

© Stack Overflow or respective owner

Related posts about password-storage

Convert ASP.NET membership system to secure password storage

as seen on Stack Overflow - Search for 'Stack Overflow'
I have a potential client that set up their website and membership system in ASP.NET 3.5. When their developer set up the system, it seems he turned off the security/hashing aspect of password storage and everything is stored in the clear. Is there a process to reinstall/change the secure password… >>> More
Secure Password Storage and Transfer

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm developing a new user store for my organisation and am now tackling password storage. The concepts of salting, HMAC etc are all fine with me - and want to store the users' passwords either salted and hashed, HMAC hashed, or HMAC salted and hashed - not sure what the best way will be - but in… >>> More
What is your favorite password storage tool?

as seen on Super User - Search for 'Super User'
Aside from personal passwords, I'm always juggling a number of project-specific passwords, including those for network, web and database authentication. Some authentication can be managed with ssh keys and the like, but everywhere I've worked I also faced the need for the management of passwords that… >>> More
Is SHA-1 secure for password storage?

as seen on Stack Overflow - Search for 'Stack Overflow'
Some people throw around remarks like "SHA-1 is broken" a lot, so I'm trying to understand what exactly that means. Let's assume I have a database of SHA-1 password hashes, and an attacker whith a state of the art SHA-1 breaking algorithm and a botnet with 100,000 machines gets access to it. (Having… >>> More
Looking for a safe, portable password-storage method

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, I'm working on C++ project that is supposed to run on both Win32 and Linux, the software is to be deployed to small computers, usually working in remote locations. Recently, our client has requested that we introduce access control via password protection. We are to meet the following criteria… >>> More

Related posts about passwords

Fixing /etc/shadow with md5 passwords to sha512 passwords

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I recently upgraded an ubuntu server with many users to a recent version from a version from 2008. The server used to use md5 password hashes (e.g., the shadow passwords began with $1$) and now is configured to use sha512. I'd prefer to keep using sha512, but would like the old users to be able… >>> More
How to securely generate memorable passwords?

as seen on Super User - Search for 'Super User'
Whenever I need new passwords I use some tools to generate those, preferable memorable passwords, but I've been wondering how secure this might actually be. Using The xkcd random number generator is probably pretty bad, cat /dev/random is probably pretty good, but generating memorable passwords seems… >>> More
Gawker Passwords

as seen on Geeks with Blogs - Search for 'Geeks with Blogs'
There has been much news about the hack of the Gawker web sites. There has even been an analysis of the common passwords found. This list is embarrassing in many ways. The most common password was "123456". The second most common password was "password". Much has also been written providing… >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More
Phishing Ploy Forces Twitter to Reset Passwords

as seen on Internet.com - Search for 'Internet.com'
The microblogging site has reset some Twitter users' passwords after a phishing attack attempted to steal their login information. >>> More