I have to deal with a place that has some terrible security practices. For example, this place gives people passwords (e.g. for domain logon on Windows, paired with their name as the username) that are also used for identification purposes (e.g. as a PIN that identifies them to grant access to places, but which can also be used directly, if you have the right access, to pull up all sorts of details on the person, without any username).
These passwords are not secure, either. It is just a six-digit number.
In order to identify people (and give them authorization to a location), I only get this number (which, in itself, raises a number of problems like impersonation, but that is out of my hands) from a card that people in the organization have. Normally, if I were part of the organization directly, I’d have access to a database of information to which this number corresponds, but I am not and I cannot get access to the information. I need this user information so I can have a separate log of which people (with names) have entered the room for security purposes, but I can request that organization members give their information to me separately so I can associate the number with the information and have my own database.
I cannot use a different number since it is the organization’s requirement that organization members must use their card with that number to gain access to the room, although I could potentially have the users input a separate code, if they desire, that I could use in addition to the regular number.
How do I safely store this number, so that if my database is compromised, people cannot take it and use it as the users’ password later on?
The way this system works is that I have a server with a database that would store this password (however it should be stored). There is a client that collects the number and sends it (or whatever should be sent) to the server to find the user in question. The server is not (and should not be) accessible through any means other than the client, as the client is directly connected to the server over a VPN.
The client is the only client that collects the number, so, for example, if encryption is required, the client could store keys without the need to transfer them anywhere else. The client also has a TPM, which could also be used for storing keys, hashing, and any other required operations.
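The following is an added example (not code from the original question or from any answer) of the pattern the question's setup allows: because a six-digit number has only one million possible values, an unkeyed hash stored in the database can be reversed by enumeration in seconds, so the client instead computes a keyed hash (HMAC-SHA256) with a secret that only the client holds and sends just the resulting tag; the server database maps tags to user records and never sees the number. The key bytes, the user records and the PINs below are constructed sample values; the assumption that the key lives only on the client (for instance sealed by its TPM) is the question's own, and nothing here implements TPM access.

```python
import hashlib
import hmac
from typing import Optional

# Constructed sample key. In deployment this would be a secret held only by the
# client (the question mentions the client's TPM as a place to keep it); it must
# never be stored in the server database, or the tags become as weak as plain hashes.
CLIENT_KEY = bytes.fromhex(
    "9f2c4e0b7a1d3c5e8b6a4f2d1c0e9b7a5d3f1c2e4b6a8d0f1e3c5b7a9d2f4c6e"
)

PIN_SPACE = 10 ** 6  # six decimal digits


def validate_pin(pin: str) -> str:
    """Reject anything that is not exactly six ASCII digits."""
    if len(pin) != 6 or not pin.isdigit():
        raise ValueError("PIN must be exactly six digits")
    return pin


def unkeyed_tag(pin: str) -> str:
    """What NOT to store: a plain SHA-256 of the six-digit number."""
    return hashlib.sha256(validate_pin(pin).encode()).hexdigest()


def keyed_tag(pin: str, key: bytes = CLIENT_KEY) -> str:
    """What the client sends to the server: HMAC-SHA256(key, pin).

    Without the key, a database of these tags tells an attacker nothing about
    the PINs, even though the PIN space is tiny."""
    return hmac.new(key, validate_pin(pin).encode(), hashlib.sha256).hexdigest()


def recover_pin_from_unkeyed_tag(tag: str) -> Optional[str]:
    """Shows why unkeyed hashing is insufficient here: enumerate the whole
    six-digit space (one million SHA-256 evaluations, well under a minute)."""
    for n in range(PIN_SPACE):
        candidate = f"{n:06d}"
        if hmac.compare_digest(unkeyed_tag(candidate), tag):
            return candidate
    return None


# Constructed server-side database: tag -> user record. Built once on the client
# when a member enrols by entering their number; only the tag leaves the client.
SERVER_DB: dict[str, dict] = {}


def enrol(pin: str, name: str) -> None:
    """Client-side enrolment: compute the tag and register the user under it."""
    SERVER_DB[keyed_tag(pin)] = {"name": name}


def lookup(pin: str) -> Optional[dict]:
    """Client-side access check: tag the presented number and ask the server for
    the matching record. The tag is a full-entropy 256-bit value, so a direct
    dictionary (or indexed column) lookup is fine."""
    return SERVER_DB.get(keyed_tag(pin))


if __name__ == "__main__":
    enrol("482913", "Alice Example")   # constructed sample member
    print(lookup("482913"))            # {'name': 'Alice Example'}
    print(lookup("000000"))            # None
    # Demonstrate the weakness of the unkeyed variant on the same number.
    print(recover_pin_from_unkeyed_tag(unkeyed_tag("482913")))  # 482913
```

Two design points follow from this: the server database now contains only tags, so a copy of it is useless as a source of passwords unless the attacker also obtains the client's key, which is why that key has to stay on the client (ideally protected by its TPM) rather than in the database or a shared config; and the same keyed construction also supports the optional extra code mentioned above, by feeding both the card number and the user's own code into the HMAC so that either value alone is not enough.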