Security to the Max!
Posted: Thu Jul 07, 2011 2:19 am
Hi everyone,
Where I am working we have a bunch of accounts with different companies/websites/everything. I advocate advanced security on even the most basic of things, so you can imagine how appalled I was when I discovered a bunch of passwords and usernames were being stored in a Word document that was routinely being shared among the staff and even put on private laptops and taken home. I have since started my crusade to fix this problem.
I have decided to make a website that will store all the usernames / passwords. I would like some input as to what you guys think should be done to make the encryption and security as air-tight as possible. My ideas so far:
1) SSL obviously
2) Encrypt all usernames/passwords with a manually entered master password and store those encrypted strings in the DB
3) User will enter the master password and that will be used to decrypt the passwords in the DB then displayed to the user
Easy breezy. The questions still remain though, what is the best way to carry the session in a very secure way? What is the best reversible encryption method? How much extra security is added if I require a login instead of just the master password? How would you solve this problem yourself?
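Steps 2 and 3 of the plan above, sketched as an added example that is not part of the original post. It assumes Node.js, and the choices of scrypt for stretching the master password and AES-256-GCM for the reversible encryption are assumptions of this example, as are all function and field names.

```javascript
const { scryptSync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

// Stretch the typed master password into a 256-bit key. Only the salt is stored;
// the password and the derived key exist in memory for the duration of the request.
function deriveVaultKey(masterPassword, salt) {
  return scryptSync(masterPassword, salt, 32, { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 });
}

// Encrypt one credential. The label (hypothetical: site/account name) is bound in
// as additional authenticated data, so a ciphertext copied onto another row fails.
function encryptEntry(key, label, secret) {
  const nonce = randomBytes(12); // fresh for every encryption, never reused with a key
  const cipher = createCipheriv('aes-256-gcm', key, nonce);
  cipher.setAAD(Buffer.from(label, 'utf8'));
  const ciphertext = Buffer.concat([cipher.update(secret, 'utf8'), cipher.final()]);
  return {
    label,
    nonce: nonce.toString('base64'),
    ciphertext: ciphertext.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
  };
}

// Returns the plaintext, or throws if the key is wrong or the row was modified.
function decryptEntry(key, row) {
  const decipher = createDecipheriv('aes-256-gcm', key, Buffer.from(row.nonce, 'base64'));
  decipher.setAAD(Buffer.from(row.label, 'utf8'));
  decipher.setAuthTag(Buffer.from(row.tag, 'base64'));
  return Buffer.concat([
    decipher.update(Buffer.from(row.ciphertext, 'base64')),
    decipher.final(),
  ]).toString('utf8');
}

// Constructed sample data: the salt is stored once alongside the encrypted rows.
const sampleSalt = randomBytes(16);
const sampleKey = deriveVaultKey('correct horse battery staple', sampleSalt);
const sampleRow = encryptEntry(sampleKey, 'supplier-portal/admin', 'S3cr3t-sample!');
console.log(sampleRow);                          // what the DB would hold
console.log(decryptEntry(sampleKey, sampleRow)); // what the user is shown
```

Because GCM authenticates each row, a wrong master password shows up as a decryption error rather than as garbage output, which the site can treat as a failed unlock attempt.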