0

Today I have a web application that needs to store the user's email and password, so that when he opens the login screen, the authentication is done automatically. For this, our application saves the email and password in localStorage, unfortunately in plain text and it's not the best option (secure) for that.

It is done this way as many users can never remember their password, and this makes it easier for them to use.

As we want to change to something more secure I saw that there is the Credential Management API, however, I was only able to test it successfully in Google Chrome, but it seems that important items to use it are not available in many browsers, Source: Can I Use.

What is the best alternative to store these credentials on the client side? Via session or cookie (server side) it is not possible to store this information.

Tom
  • 163
  • 4
  • Related: [How to Securely Implement a "Remember Me" feature?](https://security.stackexchange.com/q/44/129883) – Fire Quacker Jan 11 '22 at 14:36
  • My use case is not a "Remember Me". – Tom Jan 11 '22 at 14:58
  • 1
    Can you explain what the difference is between this and "remember me"? The way you described it in the first two paragraphs sounds a lot like you are trying to build a "remember me" feature. – Fire Quacker Jan 11 '22 at 15:13

0 Answers0