I’m currently working on a small app where I need to implement password protection for specific pages, similar to what WordPress does for password-protected posts, or InVision when you password protect a prototype. To give some more context, these pages contain client-sensitive information but I want to avoid having to get the clients to sign up and log in as a user to view the data.
The passwords will need to be able to be human readable in the backend by an admin and also be changed if required. So I assume this means I can’t store just a hashed version, as I need to be able to retrieve the actual password itself. Now I know that storing plaintext passwords is obviously not recommended, but I’m trying to figure out if there’s any other (better) way to approach it to maintain some sort of security. I notice the WordPress implementation of this setup stores passwords as plain text and just sets up a session cookie for future visits to the page.
If anyone else has tackled a similar problem and is willing to share that’d be great.
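
The post mentions a session cookie set after the page password is entered, and passwords an admin can change. As an added example (not part of the original post and not WordPress's implementation), the code below issues an HMAC-signed page-access cookie that is bound to one page, expires, and stops working once the page password is changed. `SERVER_KEY`, `TTL_SECONDS`, the function names and the cookie layout are hypothetical; page ids are assumed not to contain `|`, and how the password is stored is out of scope (the functions receive the current password as the app retrieved it).

```python
import hashlib
import hmac
import time

# Assumption: server-side signing key; constructed demo value, load from config in a real app.
SERVER_KEY = b"constructed-demo-key-not-for-production"
TTL_SECONDS = 3600  # assumed cookie lifetime


def _password_tag(page_id: str, password: str) -> str:
    """Keyed, non-reversible fingerprint of the page's current password."""
    msg = f"{page_id}\x00{password}".encode()
    return hmac.new(SERVER_KEY, b"pw\x00" + msg, hashlib.sha256).hexdigest()[:16]


def _sign(payload: str) -> str:
    """MAC over the cookie payload, domain-separated from the password tag."""
    return hmac.new(SERVER_KEY, b"cookie\x00" + payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(page_id, submitted, current_password, now=None):
    """Return a cookie value if the submitted password matches, else None."""
    # Constant-time comparison avoids leaking how many leading bytes matched.
    if not hmac.compare_digest(submitted.encode(), current_password.encode()):
        return None
    expires = int(now if now is not None else time.time()) + TTL_SECONDS
    payload = f"{page_id}|{expires}|{_password_tag(page_id, current_password)}"
    return f"{payload}|{_sign(payload)}"


def cookie_grants_access(cookie, page_id, current_password, now=None):
    """Check signature, page binding, expiry, and that the password is unchanged."""
    try:
        cookie_page, expires, tag, sig = cookie.split("|")
        expires = int(expires)
    except ValueError:
        return False  # malformed cookie
    payload = f"{cookie_page}|{expires}|{tag}"
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return False  # forged or tampered
    current_time = int(now if now is not None else time.time())
    if cookie_page != page_id or expires < current_time:
        return False  # issued for another page, or expired
    # A changed password yields a different tag, revoking older cookies.
    expected = _password_tag(page_id, current_password)
    return hmac.compare_digest(tag.encode(), expected.encode())
```

The cookie never contains the password itself, so a leaked cookie exposes one page until expiry or until the admin changes that page's password.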