RSA Like Password Token for Smartphone

Asked by Matt Grofsky
Topics: Security, Encryption, Network Security
Q:  Help me find a way to store encrypted passwords in my database and use a "smart phone" to provide a key to the web desktop interface to decrypt the encrypted password.

Answer Advice

I am hoping your answer will either give me some guidance on how to program this in ColdFusion or LAMP and/or point me to a vendor that can help me get this done. I am not interested in using expensive solutions like RSA and I have already looked at YubiKey.

Detail

I run a technical support department. When end users call in, our technical support agents can look into a database to find user passwords. I am trying to avoid passing passwords over HTTPS and displaying them openly on an agent's web browser, and would like to protect the passwords in case the database is hacked.

My idea is to encrypt all the passwords and only decrypt them if someone can provide a secure time sensitive code.

Since everyone has a smartphone in their pocket, I would like to explore ways to put an app in their pocket that:

1 - user must authenticate against known user/pass database.  This way I can control if a user has access to passwords.
2 - once authenticated, app will display a key.  Key is only valid for XX seconds.  When key is provided, user enters key into our web site and password is decrypted.

Your thoughts?
ASKER CERTIFIED SOLUTION
Rick Cogley
CEO
