[OWASP-Security101] Fwd: 3rd Party Credentials
tkbrigham at gmail.com
Wed Jul 12 23:47:00 UTC 2017
I am interested in making an application that uses/aggregates 3rd party
data. These 3rd party sites do not have open/available APIs that I can use
to log in. As such, I imagine that I will have to be able to provide
plaintext username and password combinations to these sites.
Sites like Personal Capital <https://www.personalcapital.com/> seem to be
able to do this with a high degree of confidence that the passwords are
transmitted and stored in non-plaintext format.
How is this possible? What's the best way to approach this problem?
I've also read these articles, which were all cited by the same person (and
I believe that same person authored them):
- Storing clear text PW
- Logging into 3rd party service
- Storing PW that needs to be recovered as plaintext
Do these have the right idea? Are there any further steps that should be
More information about the Security101