I’m working on an application that I would like to have password protected. Tl;dr when the user first runs it they set a password, and every time they launch the application from a completely closed state they need to re-enter the password they set. I’m trying to think of methods to store their password where it is unaccessible/hidden from the user. The application is designed to be an offline app so server-side/internet authentication isn’t an option. I’ve considered using local storage but IIRC viewing local storage variables is easy and they expire/reset, same with cookies. Is there a decent method of doing this?
At the very minimum, never store the password in plaintext. Store a salted, hashed version of the password and compare it to a newly made one.
Node.js has nice built-in support for crypto. See crypto.pbkdf2.
Then for storage there’s a Node.js project that supports the OS keychain.
But it feels more like a building block for a password manager application than a way to store an open password. Maybe local storage is not too bad.
Finally, without source code protection and with a built-in debugger, it’s all relatively low security at best.
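The salted-hash approach suggested in the answer above, as an added example that is not part of the original thread. The iteration count, key length, digest, the JSON record layout and the function names `createRecord` and `verifyPassword` are assumptions; where the record is persisted (local storage, a file, the OS keychain) is left to the application.

```javascript
const crypto = require('node:crypto');

// Assumed parameters (not from the thread); tune iterations to the target hardware.
const PARAMS = { iterations: 600000, keylen: 32, digest: 'sha256', saltBytes: 16 };

// First run: derive a record that is persisted instead of the password itself.
function createRecord(password, params = PARAMS) {
  const salt = crypto.randomBytes(params.saltBytes); // fresh random salt per password
  const hash = crypto.pbkdf2Sync(
    password, salt, params.iterations, params.keylen, params.digest);
  // Parameters are stored next to the hash so they can be raised in a later version.
  return JSON.stringify({
    v: 1,
    iterations: params.iterations,
    keylen: params.keylen,
    digest: params.digest,
    salt: salt.toString('base64'),
    hash: hash.toString('base64'),
  });
}

// Later launches: re-derive from the entered password and compare to the stored hash.
function verifyPassword(password, recordJson) {
  let rec;
  try {
    rec = JSON.parse(recordJson);
  } catch {
    return false; // missing or corrupted record: fail closed
  }
  if (!rec || rec.v !== 1 || typeof rec.salt !== 'string' || typeof rec.hash !== 'string') {
    return false;
  }
  const salt = Buffer.from(rec.salt, 'base64');
  const expected = Buffer.from(rec.hash, 'base64');
  if (expected.length === 0 || expected.length !== rec.keylen) return false;
  let actual;
  try {
    actual = crypto.pbkdf2Sync(password, salt, rec.iterations, rec.keylen, rec.digest);
  } catch {
    return false; // invalid parameters in a tampered record
  }
  // Constant-time comparison; both buffers are rec.keylen bytes at this point.
  return crypto.timingSafeEqual(actual, expected);
}
```

The record only stops the password from being read back; a user who can edit the stored record can still replace it, which matches the answer's point about the limits of local protection.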