Comments

You must log in or register to comment.

emma wrote

Signing a waiver that absolves me from liability when hundreds of thousands of peoples' passwords inevitably leak.

11

devtesla wrote

I store them in my butt and then require 2fa to get into my butt

8

musou wrote

i'd honestly rather quit than build this even if it meant i couldn't pay rent.

6

cute_spider_ni_srsly wrote

Just to be clear: I must store the passwords in plaintext. I'm not allowed to store the passwords in a system which can produce plaintext. Is that right?

2

cute_spider_ni_srsly wrote

Regardless I would attempt to hire as a consultant an architect from Google Chrome team who has worked with this system before. Since you can get your saved passwords plaintext on any Chrome browser that you're logged into and they haven't had a major breach in that system that we know of yet, we should think about what Google does to this end.

2

twovests OP wrote

Eee I'm so happy someone asnswered this seriously

2

cute_spider_ni_srsly wrote

Here's the basic pitch:

There are two databases for passwords. One of which is turbo isolated and basically is write-only. Besides the fact that you can write the (decrypted) passwords to it, it basically does nothing. When a plaintext password must be recovered from it, it's a whole process with paperwork.

The server which actually does the password validation, account information, and day-to-day tasks which gets interaction from end users, that one does not use plaintext in any way shape or form.

2

twovests OP wrote

I like this! You're making the plaintext password just to satisfy the awful requirement and then do everything else the right way.

1

twovests OP wrote

I supposed a system that can produce plaintext quickly works. (E.g. the database is protected with a master password.)

2