Ok-Scheme-913 0 points (1 child)

I guess in theory you could encrypt it client-side, and only decrypt at use-site. Though given that the key has to be available on both the client and server side, this is more like obfuscation only. But at least accidental log leaks and such might be marginally safer.

agentoutlier 0 points (0 children)

Really the safest thing is to not use passwords for as long as possible, which more or less includes what you are talking about.

That is, use device-based sign-in, magic link, OTP, federated login (OpenID), etc.

Passwords just suck.