passwords manager in users profile, safe or not safe to store multiple passwords in the same place?

[alexandre]

i have been thinking about a way to make it as easy as possible for the users to use the voucher code system but i have this issue where if a user own many vouchers, to avoid losing a password of a voucher without having to always use the same, since the passwords cant be recovered,  or changed to avoid scam in trades. so i was thinking about a password and code manager that would be protected by a security pin. somehow i feel like a simple security pin short enough to remember for the users would not be enough to protect their funds if their account was to be compromised for any reasons. having a password and code manager would put their funds at risk so i have put a recovery of the voucher codes in place but again this is numbers that users have to save somewhere and that is the big risk of lost funds if they lose the last thing making them able to recover their voucher. i feel like their is no real way in my control to make sure that no mistakes can be made.. if i allow them to recover passwords it will allow scams and if i store all informations they need , i put them at risk. which one is the less worst in those two that i could handle ?

[requinix]

Sounds like you've discovered the concept of feature creep.

Is the rest of your voucher system already set up?

[gizmola]

Ease of use vs security is a never ending battle.  Try to opt for the simplest solution that also works.

• You can either
  • act as custodian (allows for you to aid a user when they forget/misplace something)
  • provide no custody, thus insuring a compromise of your system doesn't compromise user assets

You can't do both.  Not knowing enough about this system, I would question the nature of the vouchers themselves.  Does your system know the value and when something is redeemed?  You might have a customer service feature that would allow someone to make a new voucher to replace a lost one?  That mght be an alternative, but would require your system to have the necessary information and controls available to you to determine the status of a voucher, and be able to revoke/replace it.  

[alexandre]

yes , i have a hard time making compromises on the server side security but also for the users security. since i noticed that almost every hack i saw was being done via the recovery system of the sites, i opted for a no recovery at all. the voucher system is functional and users can recover a voucher as long as they will not lose the voucher's password and security pin wich is a 7 random digits generated when you create your voucher. the good thing is, if a user loses his account they can always redeem their vouchers in a new account as long as they do not lose the password and security pin the voucher is safe and the vouchers are not erased for historical value or even legal matters, only the status and a lock for even more secuirty is activated on the voucher as soon as it is sent in a transaction, once the lock is activated or the status of a voucher is 0, the voucher is unusable. also i collect zero personal informations, not even an email account since every site i saw is using this and as soon as your email is compromised everything else is because we all know that we use our email accounts for everything. thats why my website wont be offering an account recovery.. i tried to think to an alternative as you was saying  but i will be strongly advising to be careful with the passwords and vouchers, without having any personal informations about a user i simply cant see how i could ensure security if i have no way to prove that this is them.

Edited January 5, 2023 by alexandre

[alexandre]

thats why now i was thinkijng about integrating a voucher  manager protected by a password before you can access it. only problem is that i know that most of users will only be using the same password for their account and for the vouchers, thats what might compromise their account or vouchers , integrating a voucher manager would, in my opinion help to prevent that since the users would feel less scared about choosing complicated passwords if they knew it was saved for them somewhere. with a password manager and no recovery system what is there left to do to hack the user, it is protected with sessions id with up to 19 random digits. if your session id and unique name doesnt match it kick you out. all the inputs are filtered. i am trying to make it as safe as possible to be able to integrate a voucher manager since the beginning but even i am not sure about it until i will have put  enough layers of security in place. i am also in the making of an admin panel , i can already lock a user account and log them out without possibility of logging back in if there is any need for it in a simple click or if they are locked and i need to unlock, the button is changing to unlock . pretty simple but useful if i notice anything strange with a user account. i was going to add a voucher panel from where i can monitor if needed. 

i forgot to say that i made the transaction system for the vouchers only. it is a one way transaction where a user send a voucher in a transaction, for doing so the user needs to enter the targeted user and enter his voucher code and password for this voucher. once the transaction is sent, the user cant cancel it or alter it in any way. i did this because i was scared that people would use this as a scam tool to make others believe they sent something and cancel before the receiver could redeem it. once the transaction is completed the voucher is redeemed and will remain unactive and locked and it is the same for the transaction itself. all of this is functional as it is. i still need to add a pin needed to enter before the user can create a voucher to avoid someone stealing the funds on the account if it was to be compromised.

 

Edited January 5, 2023 by alexandre