“Remember password” option [C#]
https://stackoverflow.com/questions/1813090
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
i need to implement a "Remember password" option in my program, it works with client-server protocols that REQUIRE the entire password to be passed in the loggin process, not only Hashes, so i need to store the entire password locally. I searched all over the place but i found no conclusive answer or no answer at all. But since Email clients, Internet Browsers, IM clients do it, it shouldn't be impossible...
so, what's the best method?
Thanks
Solution
1) Just dont do it. No matter how good your security not storing passwords is still better.
2) If you have to do it, consider windows secure storage
OTHER TIPS
I'd use the CredentialsUI. There's an article on MSDN explaining how to use it in .NET.
I'm fairly sure it's what's used by modern email clients, Internet Browsers etc. It provides an option to save your credentials, encrypted using DPAPI.
I've created a C# wrapper class that makes it easy to use from managed apps.
Here is a related question. Windows equivalent of OS X Keychain?
Your app has to get the passwort in cleartext at some time. You can only make it harder for the attackers. It is a security/effort tradeoff.
.NET provides the so-called 'Isolated Storage' feature, where you can store such data. In this MSDN article also references are given how the isolated storage can be encrypted to secure the stored data.
