I know I should encrypt the password whenever I save passwords for security.
But I don't know how I should encrypt a password that I save for autologin.
If the password were just for checking the user, I could encrypt passwords with one-way encryption like pbkdf2. But the password should be protected, and I should be able to access it when the program starts. How can I securely save & use passwords?
Best Answer
Autologin is not based on the password used in a manual login. There is a separate credential (based on identifying and non-identifying information) that is generated after a successful login, and that credential is stored on the client in an encrypted cookie or similar storage mechanism. More details on this approach can be found in this article.
The use of 'encrypt' here is dangerous; encryption implementations are generally two-way. Passwords should be 'hashed', a one-way mechanism that provides no trivial way to view the original input.
Note that virtually all custom authentication schemes are designed insecurely; don't build this if you don't have to: