Helping people with computers... one answer at a time.
There are tools to recover most of your 'remembered' password. You can use them if you forgot your 'remembered' password, and so can anyone with access to your machine.
I've forgotten my password [to a web site, mail account, instant messaging tool, etc.]. However, I can log in because I have 'remember my password' configured, so the computer just logs me in automatically since it saved password. Is there a way I can see what that password is?
And that should scare you, because it's an important lesson about just how dangerous it is to use 'remember me'.
Why? Because if you can recover it, then anyone who has access to the machine can probably recover it.
'Remember my password' doesn't seem like such a good idea anymore, now does it?
When you choose 'Remember my password', or any equivalent, the software does exactly that - it saves a copy of your password somewhere on the computer. Sometimes it's stored in plain text - available to anyone if they know where to look, sometimes it's encrypted or obfuscated in some way. Regardless, it has to be quick and easy for the program to fetch the remembered password and decrypt it, if needed, each time you login or do whatever it is that requires that password.
And that applies to almost all common applications that save passwords, including nearly all instant messaging programs, nearly all email programs, and nearly all websites that require some kind of account name and password to login.
So it stands to reason that there would be utility programs that also can retrieve those very same account names and passwords.
Let's start with one that you might not even realize.
If you use Firefox as your web browser, do this:
Click on the Tools menu
Click on the Options menu item
Click on the Passwords tab
Click on the View Saved Passwords button
In the resulting dialog, click on the Show Passwords button
If you're like me, you'll be fairly shocked the first time you do this. Yes, you can set a 'master password' to protect your passwords, but the default is not to have one.
And anyone who walks by your computer while you're logged in can do this.
For other programs, you need to download a few simple utilities. Specifically, NirSoft has available several Password Recovery Tools. Included are tools that will display the saved passwords for a host of different programs and situations.
For example, here's a screen shot resulting from running the 'MessenPass' utility on my machine:
You can see that it lists, for each IM program I run, the service, the account name and the password. While I've obfuscated them here in this example for my protection, the account names and passwords are displayed in clear text.
I'm not guaranteeing it, of course, since there could be many other things at play, but if you've lost a password, and you have 'Remember' turned on, there's a very high likelihood that you can grab one of the utilities from NirSoft, and recover it. It's certainly one of the first things I would try.
Yet Another Word About Security
I encourage you to download those tools and play with them on your own machine. Using them, you'll see how trivially easy it is to recover many passwords that are merely hidden by the 'remember' function of so some applications.
Now remember: anyone can use them.
If you leave your machine logged in, anyone who can walk up to it can insert a CD or floppy with these tools, and get your saved passwords just as trivially.
And while logging out or using a password protected screen saver puts up a barrier, even that barrier, while significant, is not impenetrable.
I want to make sure you remember two important things:
1) 'Remember my password' is a convenience, and a security risk. Use it with caution.
2) If your machine is not physically secure it is not secure. If someone can walk up to it, insert a disk and reboot it, they can take total control. And that includes recovering your passwords with tools as we've seen here.
And remember also, that while you've just read this article and learned how to recover your remembered password ... your 'friends' and perhaps those who are not your friends have also read this and learned how to steal your remembered password.
Comments on this entry are closed.
If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.
If you don't find your answer, head out to http://askleo.com/ask to ask your question.