cute_spider_ni_srsly wrote
I'm still working on this answer, but it is hard.
cute_spider_ni_srsly wrote
Here's the basic pitch:
There are two databases for passwords. One of which is turbo isolated and basically is write-only. Besides the fact that you can write the (decrypted) passwords to it, it basically does nothing. When a plaintext password must be recovered from it, it's a whole process with paperwork.
The server which actually does the password validation, account information, and day-to-day tasks which gets interaction from end users, that one does not use plaintext in any way shape or form.
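A sketch of the split described in the comment above, as an added example (not the commenter's code): the user-facing service stores only salted PBKDF2 hashes and receives nothing but an append capability on the isolated store, so login never touches plaintext. Class and function names, and the in-memory stand-ins for the two databases, are assumptions.

```python
import hashlib
import hmac
import os


class EscrowStore:
    """Stand-in for the isolated, write-only database. The live service is
    handed append() only; reading records back is an out-of-band process
    that is deliberately not exposed here."""

    def __init__(self):
        self._records = []  # constructed stand-in for the isolated database

    def append(self, username, plaintext):
        self._records.append((username, plaintext))

    def record_count(self):
        return len(self._records)


class ValidationStore:
    """Day-to-day store: salted PBKDF2-HMAC-SHA256 digests, never plaintext."""

    ITERATIONS = 600_000  # OWASP-recommended work factor for PBKDF2-SHA256

    def __init__(self):
        self._rows = {}  # username -> (salt, digest)

    def set_password(self, username, plaintext):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", plaintext.encode(), salt, self.ITERATIONS)
        self._rows[username] = (salt, digest)

    def verify(self, username, attempt):
        row = self._rows.get(username)
        if row is None:
            return False
        salt, digest = row
        candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, self.ITERATIONS)
        return hmac.compare_digest(candidate, digest)  # constant-time comparison

    def stores_plaintext(self, plaintext):
        """Sanity check: the plaintext must not appear anywhere in the rows."""
        return any(plaintext.encode() in salt + digest for salt, digest in self._rows.values())


class AccountService:
    """User-facing side: gets the hash store plus a write-only escrow capability."""

    def __init__(self, validation, escrow_append):
        self._validation = validation
        self._escrow_append = escrow_append  # a function, not the store itself

    def register(self, username, plaintext):
        self._escrow_append(username, plaintext)  # satisfies the plaintext requirement
        self._validation.set_password(username, plaintext)  # only the hash stays here

    def login(self, username, attempt):
        return self._validation.verify(username, attempt)


def demo():
    escrow, validation = EscrowStore(), ValidationStore()
    svc = AccountService(validation, escrow.append)
    svc.register("alice", "correct horse battery")
    return {
        "good_login": svc.login("alice", "correct horse battery"),
        "bad_login": svc.login("alice", "wrong"),
        "unknown_user": svc.login("bob", "anything"),
        "escrow_records": escrow.record_count(),
        "plaintext_in_validation": validation.stores_plaintext("correct horse battery"),
    }
```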
twovests wrote
I like this! You're making the plaintext password just to satisfy the awful requirement and then do everything else the right way.
twovests wrote
Eee I'm so happy someone answered this seriously