Matt Grofsky asked:

RSA Like Password Token for Smartphone

Q: Help me find a way to store encrypted passwords in my database and use a "smart phone" to provide a key to the web desktop interface to decrypt the encrypted password.

Answer Advice

I am hoping your answer will either give me some guidance on how to program this in ColdFusion or LAMP and/or point me to a vendor that can help me get this done. I am not interested in using expensive solutions like RSA and I have already looked at YubiKey.

Detail

I run a technical support department. When end users call in, our technical support agents can look into a database to find user passwords. I am trying to avoid passing passwords over HTTPS, displaying them openly on an agent's web browser, and would like to protect the passwords in case the database is hacked.

My idea is to encrypt all the passwords and only decrypt them if someone can provide a secure time-sensitive code.

Since everyone has a smartphone in their pocket, I would like to explore ways to put an app in their pocket that:

1 - user must authenticate against known user/pass database. This way I can control if a user has access to passwords.
2 - once authenticated, app will display a key. Key is only valid for XX seconds. When key is provided, user enters key into our web site and password is decrypted.

Your thoughts?
Tags: Network Security, Security, Encryption
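
The "key valid for XX seconds" in step 2 of the question is what a time-based one-time password (TOTP, RFC 6238) provides. The following is an added example, not part of the original post or any answer: a server-side check in Python that gates a decrypt request on a phone-generated code. The names `totp` and `TotpGate`, the 30-second step, the 6-digit length, the one-step drift window and the replay tracking are assumptions, and the password decryption itself is left out.

```python
import hashlib
import hmac
import struct
import time

STEP = 30    # assumed validity period in seconds (the question's "XX")
DIGITS = 6   # assumed code length
DRIFT = 1    # assumed tolerance: accept +/- one step of clock skew


def totp(secret: bytes, counter: int) -> str:
    """RFC 4226 HOTP value for a time-step counter (HMAC-SHA1)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation: low nibble picks 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class TotpGate:
    """Checks a phone-generated code before a decrypt request is served."""

    def __init__(self, secret: bytes):
        self.secret = secret      # per-agent secret shared with the phone app
        self.last_counter = -1    # highest time step already accepted

    def verify(self, code: str, now=None) -> bool:
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(current - DRIFT, current + DRIFT + 1):
            if counter <= self.last_counter:
                continue          # step already used: reject a replayed code
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):  # constant time
                self.last_counter = counter
                return True
        return False


if __name__ == "__main__":
    gate = TotpGate(b"constructed-demo-secret")  # constructed sample secret
    code = totp(gate.secret, int(time.time() // STEP))  # what the app shows
    print(gate.verify(code), gate.verify(code))  # first use, then a replay
```

Keeping one secret per agent lets access be revoked by deleting that agent's secret, which matches the access-control goal in step 1.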

Last Comment
Rick Cogley

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Rick Cogley

Rick Cogley

What did you decide, Michin? As for us, we are using LastPass. It has been a bit buggy, but it basically seems to work well once you get around a few idiosyncratic aspects.