I'm wondering how many applications, like IE, Opera, FireFox, etc store usernames and passwords.
I know you can just encrypt them, but then you need a key to unencrypt them which requires the user to input another password everytime they need to access a specific username and password (which none of the browsers do) or they can hard code the key into their code, which would be visible via resource editors or decompilers.
So, how do they do it? I need to let the user input some usernames and passwords into my applications and store then securly, yet be able to access the username and password themselves later on.
I know with .Net 2.0 I have access to the SecureString class but can you even serialize that so it keeps the string encrypted?
I know you can just encrypt them, but then you need a key to unencrypt them which requires the user to input another password everytime they need to access a specific username and password (which none of the browsers do) or they can hard code the key into their code, which would be visible via resource editors or decompilers.
So, how do they do it? I need to let the user input some usernames and passwords into my applications and store then securly, yet be able to access the username and password themselves later on.
I know with .Net 2.0 I have access to the SecureString class but can you even serialize that so it keeps the string encrypted?