[OWASP-Security101] Fwd: 3rd Party Credentials

Thomas Brigham tkbrigham at gmail.com
Wed Jul 12 23:47:00 UTC 2017


I am interested in making an application that uses/aggregates 3rd party
data. These 3rd party sites do not have open/available APIs that I can use
to log in. As such, I imagine that I will have to be able to provide
plaintext username and password combinations to these sites.

Sites like Personal Capital <https://www.personalcapital.com/> seem to be
able to do this with a high degree of confidence that the passwords are
transmitted and stored in non-plaintext format.

How is this possible? What's the best way to approach this problem?

I've also read these articles, which were all cited by the same person (and
I believe that same person authored them):
- Storing clear text PW
- Logging into 3rd party service
- Storing PW that needs to be recovered as plaintext

Do these have the right idea? Are there any further steps that should be

Thomas Brigham

