I'm making a twitter client, and I'm evaluating the various ways of protecting the user's login information.
IMPORTANT: I need to protect the user's data from other other applications. For example imagine what happens if a bot starts going around stealing Twhirl passwords or Hotmail/GMail/Yahoo/Paypal from applications that run on the user's desktop.
Clarification: I asked this before without the 'important' portion but stackoverflow's UI doesn't help with adding details later inside the Q/A conversation.
- Hashing apparently doesn't do it
- Obfuscating in a reversable way is like trying to hide behind my finger
- Plain text sounds and propably is promiscuous
- Requiring the user to type in his password every time would make the application tiresome
Any ideas ?