Solved

Storing users' passwords

Posted on 2008-06-11
Last Modified: 2010-04-11
I am currently designing a system that involves customer logins.  One possible login step is entering 3 random chars from the password.

I know that typically passwords are stored as a hash.  However, it is impossible to use 3 random chars with this method.  Can anyone tell me how the passwords should be stored without storing them as plain text?
Question by:benmanning
Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 21763353
So you want "Two-Factor" authentication... there are a number of ways to do this. While it's a good second measure, with phishing and man-in-the-middle, it's not a guarantee, but I feel it adds to the security somewhat. I recommend reading: http://www.schneier.com/blog/archives/2005/03/the_failure_of.html
For your system to ask for 3 random characters from the user's password, it should, naturally, ask for those first, and the password second. You can store a password in a reversible encryption, and there are other novel methods people are trying for two-factor auth, similar to "captcha", those squiggly text boxes no human can read: http://www.popsci.com/files/imagecache/article_image_large/files/articles/google_captchas_485.jpg
Automated systems are better at solving those than we are, but they have more trouble with questions, like "what is two + 2?" or "this is a picture of an..." "owl". This was made more popular by "kittenauth", where you pick the pictures of kittens: http://www.mattwardman.com/blog/wp-content/uploads/20070614-kittenauth-screenshot-1.jpg
http://www.schneier.com/blog/archives/2006/04/kittenauth_1.html
-rich
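
The reversible-storage approach suggested in the answer above, as an added example that is not part of the original thread or of Rich Rumble's post: the password is encrypted at rest, the server picks the 3 positions, and the submitted characters are compared in constant time. All function names are hypothetical, the keys and sample password are constructed, and the HMAC-based cipher is a standard-library stand-in for a vetted AEAD such as AES-GCM.

```python
import hashlib
import hmac
import secrets

# Stand-in cipher so the example needs only the standard library:
# HMAC-SHA256 in counter mode, then encrypt-then-MAC. In a real system
# use an AEAD (e.g. AES-GCM) from a vetted library instead.
def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(enc_key: bytes, mac_key: bytes, password: str) -> bytes:
    """Encrypt the password for storage; the keys live outside the database."""
    nonce, pt = secrets.token_bytes(16), password.encode("utf-8")
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(enc_key, nonce, len(pt))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(enc_key: bytes, mac_key: bytes, blob: bytes) -> str:
    """Verify the record's MAC, then decrypt it back to the password."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("stored password record failed integrity check")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return pt.decode("utf-8")

def new_challenge(password_length: int, k: int = 3) -> list:
    """Pick k distinct positions with a CSPRNG; keep them in the server-side
    session so the client cannot choose which characters are checked."""
    return sorted(secrets.SystemRandom().sample(range(password_length), k))

def check_partial(enc_key, mac_key, blob, positions, answer: str) -> bool:
    """Compare the submitted characters to the stored ones in constant time."""
    password = unseal(enc_key, mac_key, blob)
    expected = "".join(password[i] for i in positions)
    return hmac.compare_digest(expected.encode("utf-8"), answer.encode("utf-8"))

if __name__ == "__main__":
    ek, mk = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    record = seal(ek, mk, "correct horse")                     # constructed sample
    print(check_partial(ek, mk, record, [0, 3, 8], "crh"))
```

Because the record is reversible, anyone holding both keys and the database recovers every password, so the keys belong in an HSM or secrets manager rather than beside the data.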
Expert Comment

by:ahoffmann
ID: 21777432
> .. to use 3 random chars with this method.
no, except brute force