|
Summary: There are tools to recover most of your 'remembered' password. You can use them if you forgot your 'remembered' password, and so can anyone with access to your machine. I've forgotten my password [to a web site, mail account, instant messaging tool, etc.]. However, I can log in because I have 'remember my password' configured, so the computer just logs me in automatically since it saved password. Is there a way I can see what that password is? Yes. And that should scare you, because it's an important lesson about just how dangerous it is to use 'remember me'. Why? Because if you can recover it, then anyone who has access to the machine can probably recover it. 'Remember my password' doesn't seem like such a good idea anymore, now does it? • When you choose 'Remember my password', or any equivalent, the software does exactly that - it saves a copy of your password somewhere on the computer. Sometimes it's stored in plain text - available to anyone if they know where to look, sometimes it's encrypted or obfuscated in some way. Regardless, it has to be quick and easy for the program to fetch the remembered password and decrypt it, if needed, each time you login or do whatever it is that requires that password. And that applies to almost all common applications that save passwords, including nearly all instant messaging programs, nearly all email programs, and nearly all websites that require some kind of account name and password to login. So it stands to reason that there would be utility programs that also can retrieve those very same account names and passwords. Let's start with one that you might not even realize. Firefox If you use Firefox as your web browser, do this:
If you're like me, you'll be fairly shocked the first time you do this. Yes, you can set a 'master password' to protect your passwords, but the default is not to have one. And anyone who walks by your computer while you're logged in can do this. For other programs, you need to download a few simple utilities. Specifically, NirSoft has available several Password Recovery Tools. Included are tools that will display the saved passwords for a host of different programs and situations. For example, here's a screen shot resulting from running the 'MessenPass' utility on my machine:
You can see that it lists, for each IM program I run, the service, the account name and the password. While I've obfuscated them here in this example for my protection, the account names and passwords are displayed in clear text. I'm not guaranteeing it, of course, since there could be many other things at play, but if you've lost a password, and you have 'Remember' turned on, there's a very high likelihood that you can grab one of the utilities from NirSoft, and recover it. It's certainly one of the first things I would try. Yet Another Word About Security I encourage you to download those tools and play with them on your own machine. Using them, you'll see how trivially easy it is to recover many passwords that are merely hidden by the 'remember' function of so some applications. Now remember: anyone can use them. If you leave your machine logged in, anyone who can walk up to it can insert a CD or floppy with these tools, and get your saved passwords just as trivially. And while logging out or using a password protected screen saver puts up a barrier, even that barrier, while significant, is not impenetrable. I want to make sure you remember two important things: 1) 'Remember my password' is a convenience, and a security risk. Use it with caution. 2) If your machine is not physically secure it is not secure. If someone can walk up to it, insert a disk and reboot it, they can take total control. And that includes recovering your passwords with tools as we've seen here. And remember also, that while you've just read this article and learned how to recover your remembered password ... your 'friends' and perhaps those who are not your friends have also read this and learned how to steal your remembered password. Related:
Article 10553 | Posted July 25, 2006 |
Popular & Hot How do I make a new MSN Hotmail account? How do I delete history items from my Google tool bar? My desktop Recycle Bin has disappeared - why, and how do I get it back? How do I delete my Hotmail account? I accidentally deleted my Recycle Bin in Vista - how do I get it back? New & Important How can I get the old Windows Live Hotmail back? Internet Safety: How do I keep my computer safe on the internet? Are free email services worth it? Would you please recover my password? My account has been hacked or I've forgotten it.
Stay Informed Archives Advertisers |
•
i had just forgot my password cause i have not been on in so long
Posted by: jamelhickey at March 17, 2007 5:04 AMok heres the story i changed my email on thursday on myspace from veronistar@hot to veronikiux2284@hot when i got the link on my email to verify the email switch i clicked on it and now none of the emails work i tried to retrieve the password but it says that my account dont exist with any of the emails but when i look up my account under veronistar@hot its still active what can i do please help
Posted by: V at March 26, 2007 8:07 PMlol i forgot my password to actualy log into windows, it gives me a hint but i cant remember, is there anyway round this, p.s its a laptop
Posted by: andrew at May 17, 2007 12:49 AMUse IntelliLogin to automatic login any website for you!
Posted by: Hoochie at July 24, 2007 4:45 AMNever forget any password again!
www.jjsoft-studio.com
hey nice website
Posted by: Antonio at August 27, 2007 12:07 AMIt showed my password but it still wont let me logg in.
Posted by: bRIT at October 4, 2007 6:39 PMis there a way to view ALL of your passwords used on a single account over time? because i lost my myspace password and tried several others off the top of my memory while i still had the save password button clicked is there a way to view ALL entered passwords?
Posted by: rythrgefw at December 30, 2007 8:12 PM-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
No, not that I'm aware of.
Leo
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
iD8DBQFHfoN7CMEe9B/8oqERAmaFAJ0Qz/XqIf8Ek2+SnpXhKgezkCZ74ACfZh1B
Posted by: Leo A. Notenboom at January 4, 2008 11:05 AMIciNWyKHt1VcRLoPYE1yNcs=
=AOXr
-----END PGP SIGNATURE-----
i forgot my password and i really need help
Posted by: taquita at January 18, 2008 1:32 PMvery good and useful
Posted by: veerareddy at June 17, 2008 7:22 PM