encryption - Storing encrypted passwords

Question

My coworker and I are having a fist-fight civilized discussion over password security. Please help us resolve our differences.

One of us takes the viewpoint that:

• Storing passwords encrypted using a public key in addition to a one-way hashed version is OK and might be useful for integration with other authentication systems in the future in case of a merger or acquisition.
• Only the CEO/CTO would have access to the private key, and it would only be used when necessary. Regular login validation would still occur via the hashed password.
• I have/he has done this before in previous companies and there are many sites out there that do this and have survived security audits from Fortune 500 companies before.
• This is a common, and accepted practice, even for financial institutions, thus there is no need to explicitly state this in the privacy policy.
• Sites like Mint.com do this.

The other one of us takes the following viewpoint:

• Storing passwords, even in encrypted form, is an unnecessary security risk and it's better to avoid exposure to this risk in the first place.
• If the private key falls into the wrong hands, users that use the same password across multiple sites would risk having all of their logins compromised.
• This is a breach of trust of our users, and if this practice is implemented, they should be explicitly informed of this.
• This is not an industry-wide practice and no big name sites (Google, Yahoo, Amazon, etc.) implement this. Mint.com is a special case because they need to authenticate with other sites on your behalf. Additionally, they only store the passwords to your financial institutions, not your password to Mint.com itself.
• This is a red flag in audits.

Thoughts? Comments? Have you worked at an organization that implemented this practice?

Answer 1

The first practice of storing recoverable version of passwords is plain wrong. Regardless of the fact that big sites do this. It is wrong. They are wrong.

I automatically distrust any site that stores my password unhashed. Who knows what would happen if the employees of that big company decide to have fun? There was a case some guy from Yahoo stole and sold user emails. What if someone steals/sells the whole database with my emails and passwords?

There is no need whatsoever for you to know my original password to perform authentication. Even if you decide later to split the system, add a new one or integrate with a third party, you still will be fine with just a hash of the password.