The user bigpapa logs in and wants to store a new password, so they send the backend (BE):
App/Site Name | Passwd |
---|---|
Reddit.com | foobz |
The backend encrypts the password and stores this app/site name under their username, alongside previously stored sites/apps, in a DB like so:
Username | App/Site Name |
---|---|
bigpapa | Reddit.com |
bigpapa | twitter.com |
The frontend gets this back to store in localStorage:
App/Site Name | Encrypted Passwd |
---|---|
Reddit.com | afshjfb378rfsduaf |
Now say bigpapa logs in a day later and wants to get into Reddit. After authenticating with LKey, he sends the BE:
App/Site Name | Encrypted Passwd |
---|---|
Reddit.com | afshjfb378rfsduaf |
And the BE spits back:
App/Site Name | Passwd |
---|---|
Reddit.com | foobz |
Sending passwords over the net could be bad (the plaintext password crosses the wire both when it is stored and when it is returned), but people do it. If we were serious, we'd have to use HTTPS/SSL.
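
One way the backend's store and retrieve steps above could look, as an added example that is not the original design's code. It assumes AES-256-GCM with a single server-side key and, going beyond the text, binds each ciphertext to the username and site name so a blob copied out of one user's localStorage cannot be decrypted for another user or site; all function and variable names are hypothetical.

```javascript
// Added example: constructed names and values, not the original design's code.
const crypto = require('node:crypto');

// Assumption: one server-side key, generated here for the demo; a real backend
// would load it from a secret store so blobs survive a restart.
const SERVER_KEY = crypto.randomBytes(32);

// Associated data that ties a ciphertext to its owner and site.
function aad(username, site) {
  return Buffer.from(JSON.stringify([username, site]), 'utf8');
}

// "Store" step: the backend encrypts and returns the blob the frontend keeps.
function storePassword(username, site, password) {
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', SERVER_KEY, iv);
  cipher.setAAD(aad(username, site));
  const ct = Buffer.concat([cipher.update(password, 'utf8'), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('base64');
}

// "Retrieve" step: the backend decrypts the blob for the authenticated user.
// Returns null if the blob was modified or belongs to another user or site.
function retrievePassword(username, site, blob) {
  const raw = Buffer.from(blob, 'base64');
  if (raw.length < 28) return null; // needs a 12-byte IV and a 16-byte tag
  const decipher = crypto.createDecipheriv('aes-256-gcm', SERVER_KEY, raw.subarray(0, 12));
  decipher.setAAD(aad(username, site));
  decipher.setAuthTag(raw.subarray(12, 28));
  try {
    return Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
  } catch {
    return null; // authentication tag did not verify
  }
}

// Frontend side, with a Map standing in for localStorage.
const localStore = new Map();
localStore.set('Reddit.com', storePassword('bigpapa', 'Reddit.com', 'foobz'));
console.log(retrievePassword('bigpapa', 'Reddit.com', localStore.get('Reddit.com'))); // foobz
console.log(retrievePassword('someoneelse', 'Reddit.com', localStore.get('Reddit.com'))); // null
```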