We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you a podcast all about Citrix Workspace, moving to the cloud, and analytics & intelligence. Episode 2 coming soon!Listen Now


Where should I store a password

Arikael asked
Medium Priority
Last Modified: 2013-12-17
Hi experts,

I have a client/server application which requires the user to login. What I want to do is a "Remember me" functionality, so the user is not forced to login everytime he opens the application (the "real" credentials are stored in MS SQL Server)
The application is only used in a local network and based on WinForms.

I know most of you would say, that a password should never be stored.
But where is the best place to store it?
Should I use the windows credentials?
Should I store the credentials in a encrypted (config) file?

Thanks for your help
Watch Question

Couldn't you store it in a long term cache in AppData?  Just encrypt it and make the file hidden?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

You don't have to store the password itself.
You should hash it with a hash function like md5 or sha.
Then you can check the hash value of the submitted password against your stored hash value.
Found this article through a quick google search:


When I said "store the password" I meant the encrypted or hashed password. Sorry for that :-)
but where would you store the password (hash)

what do you mean by "long term cache"?
an encrypted textfile?
I would go with a config file, or you could look into storing values in the windows registry. I've never done that myself, but many applications does that for storing various small bits of information.
Anurag ThakurTechnical Manager
i will go with a totally new concept of Isolated Storage for strong hashed passwords
Isolated Storage in .NET to store application data - http://www.codeproject.com/KB/dotnet/IsolatedStorage.aspx


Sorry, for my late response.

So, three people answered and each with a different answer ;-)

Has somebody further/other suggestions?
Anurag ThakurTechnical Manager

my comment will be that its not a good idea to store it in a registry because just think of a scenario where the application is run under the credientials of a user who is not permitted to access the registry? how will he save the password?


thanks for your comments.
I splitted the points among all of you
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.