Solved

Storing users passwords

Posted on 2008-06-11
4
232 Views
Last Modified: 2010-04-11
I am currently designing a system that involves customer logins.  One possible login step is entering 3 random chars from the password.

I know typically. passwords are stored as a hash.  However, it is impossible to use 3 random chars with this method.  Can anyone tell me how the passwords should be stored without storing them as plain text?
0
Comment
Question by:benmanning
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 125 total points
ID: 21763353
So you want "Two-Factor" authentication... there are a number of ways to do this. While it's a good second measure, with phishing and man-in-the middle, it's not a guarantee, but I feel it adds to the security somewhat. I recommend reading: http://www.schneier.com/blog/archives/2005/03/the_failure_of.html
For your system to ask for 3 random characters from the users password, it should, naturally ask for those first, and the password second. You can store a password in a reversible encryption, and there are other novel methods people are trying for two-factor auth, similar to "captcha" those squiggly text boxes no human can read: http://www.popsci.com/files/imagecache/article_image_large/files/articles/google_captchas_485.jpg
Automated systems are better at solving those than we are, but they have more trouble with questions, like
what is two + 2? or this is a picture of an... "owl" this was made more popular by "kittenauth" where you pick the pictures of kittens http://www.mattwardman.com/blog/wp-content/uploads/20070614-kittenauth-screenshot-1.jpg
http://www.schneier.com/blog/archives/2006/04/kittenauth_1.html
-rich
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 21777432
> .. to use 3 random chars with this method.
no, except brute force
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Here's a look at newsworthy articles and community happenings during the last month.
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question