Question

Transfer password from the web, without being able to read.

Nov 30, 2018 4:59AM PST

Good day!

How can I solve the following problem?

1) It is necessary to transfer the password from the web resource to another user.
2) But at the same time another user should not see this password and should not be able to copy the password as text.
3) Computers with which you plan to access a web resource are in the same enterprise network.

Is there any software or a simple way to solve this problem?

Discussion is locked

Follow
Reply to: Transfer password from the web, without being able to read.
PLEASE NOTE: Do not post advertisements, offensive materials, profanity, or personal attacks. Please remember to be considerate of other members. If you are new to the CNET Forums, please read our CNET Forums FAQ. All submitted content is subject to our Terms of Use.
Reporting: Transfer password from the web, without being able to read.
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Comments
- Collapse -
Answer
Password Manager?
Nov 30, 2018 9:40AM PST

I believe some password managers offer this capability. I don't use any of the commercial ones, so I can't give you a specific recommendation. Most, if not all, will also generate very strong passwords for you that look like strings of random characters.

A word of caution - make sure that whoever is responsible for managing the password manager has VERY VERY good backups locked away somewhere!

- Collapse -
Answer
I'm going with no.
Nov 30, 2018 9:47AM PST

No as in all password transfer systems I've seen have to decode and encode so there's a possible breach.

You also have an issue that I can't guess how you solved today. Ready? I've gone to other user PCs and shown them how easy it is to show passwords that they saved in a browser. This is why password managers excel over a browser password system.

How do you solve your new problem? Get with some software developers and hash it out, write that app and then you have your new unique solution.

- Collapse -
Answer
(NT) snail mail,sneaker net, or phone call
Nov 30, 2018 4:40PM PST
- Collapse -
Answer
The "official" way in corporate environments ...
Dec 1, 2018 1:33AM PST

... no guarantee that this will apply to your setup.

Firstly, using https to access the web resource would allow data transfer (including passwords) that is encrypted and as such should be secure. That is what allows you to send your passoerd to your online banking site.
Secondly, if you are looking at doing this on a more regular basis and are looking for a delegation style solution you would need to check out the OAUTH protocol and figure out how to implement that. This actually works without giving your 3rd party the password at all - instead there is a "token" that carries a time and scope limited authority. For example (and I am not implying that this is currently implemented in any public cloud environment that you might be able to get access to): You hold files in cloud storage (e.g.photos) and you want to permit someone to print these files on your behalf. Then the protocol (in simplified terms) lets you create a temporary access right (read-only) to those items with your cloud provider so that the someone, duly authenticated, can access these exact items for a limited period of time.

Your password might be such a resource.

If a makeshift solution is more what you need - you could think of a devious way of splitting it up into a number of components, mix these in with otherwise meaningless text, zip up each of the resulting files with a password (remembering that zip file passwords are not totally unbreakable,) zip the resulting zip files a few more times, creating deeper levels of iterative zipping and deliver each of the resulting files separately to their destination - using dropbox or even email. Someone would have to spend a lot of effort to follow all your steps and to get all the pieces into one location in order to crack that system Wink

- Collapse -
Answer
Re: password
Dec 1, 2018 2:52AM PST

Assuming that it is like you write (the password currently is stored on a "web resource" and needs to be sent to person X, but no other person Y may see it) my solution is that you send the url of that web resource (whatever a web resource is) via SMS or Whatsapp from your phone to the phone of X. No other user of the network will see the url, and no other user of the network will be able to find the password.

And if your colleague works in the same building as you do, why not walk to his desk and tell him?

Post was last edited on December 2, 2018 12:12 PM PST

CNET Forums

Forum Info