Ask Leo!

I forgot my password - can I somehow get my auto-login remembered password?

Home » General Computing

Summary: There are tools to recover most of your 'remembered' password. You can use them if you forgot your 'remembered' password, and so can anyone with access to your machine.

I've forgotten my password [to a web site, mail account, instant messaging tool, etc.]. However, I can log in because I have 'remember my password' configured, so the computer just logs me in automatically since it saved password. Is there a way I can see what that password is?

Yes.

And that should scare you, because it's an important lesson about just how dangerous it is to use 'remember me'.

Why? Because if you can recover it, then anyone who has access to the machine can probably recover it.

'Remember my password' doesn't seem like such a good idea anymore, now does it?

When you choose 'Remember my password', or any equivalent, the software does exactly that - it saves a copy of your password somewhere on the computer. Sometimes it's stored in plain text - available to anyone if they know where to look, sometimes it's encrypted or obfuscated in some way. Regardless, it has to be quick and easy for the program to fetch the remembered password and decrypt it, if needed, each time you login or do whatever it is that requires that password.

And that applies to almost all common applications that save passwords, including nearly all instant messaging programs, nearly all email programs, and nearly all websites that require some kind of account name and password to login.

So it stands to reason that there would be utility programs that also can retrieve those very same account names and passwords.

Let's start with one that you might not even realize.

Firefox

If you use Firefox as your web browser, do this:

  • Click on the Tools menu

  • Click on the Options menu item

  • Click on the Passwords tab

  • Click on the View Saved Passwords button

  • In the resulting dialog, click on the Show Passwords button

If you're like me, you'll be fairly shocked the first time you do this. Yes, you can set a 'master password' to protect your passwords, but the default is not to have one.

And anyone who walks by your computer while you're logged in can do this.

For other programs, you need to download a few simple utilities. Specifically, NirSoft has available several Password Recovery Tools. Included are tools that will display the saved passwords for a host of different programs and situations.

For example, here's a screen shot resulting from running the 'MessenPass' utility on my machine:

MessenPass Screenshot

You can see that it lists, for each IM program I run, the service, the account name and the password. While I've obfuscated them here in this example for my protection, the account names and passwords are displayed in clear text.

I'm not guaranteeing it, of course, since there could be many other things at play, but if you've lost a password, and you have 'Remember' turned on, there's a very high likelihood that you can grab one of the utilities from NirSoft, and recover it. It's certainly one of the first things I would try.

Yet Another Word About Security

I encourage you to download those tools and play with them on your own machine. Using them, you'll see how trivially easy it is to recover many passwords that are merely hidden by the 'remember' function of so some applications.

Now remember: anyone can use them.

If you leave your machine logged in, anyone who can walk up to it can insert a CD or floppy with these tools, and get your saved passwords just as trivially.

And while logging out or using a password protected screen saver puts up a barrier, even that barrier, while significant, is not impenetrable.

I want to make sure you remember two important things:

1) 'Remember my password' is a convenience, and a security risk. Use it with caution.

2) If your machine is not physically secure it is not secure. If someone can walk up to it, insert a disk and reboot it, they can take total control. And that includes recovering your passwords with tools as we've seen here.

And remember also, that while you've just read this article and learned how to recover your remembered password ... your 'friends' and perhaps those who are not your friends have also read this and learned how to steal your remembered password.

Related:

Article 10553 | Posted July 25, 2006

Recent Comments
0 Comments

i had just forgot my password cause i have not been on in so long

Posted by: jamelhickey at March 17, 2007 5:04 AM

ok heres the story i changed my email on thursday on myspace from veronistar@hot to veronikiux2284@hot when i got the link on my email to verify the email switch i clicked on it and now none of the emails work i tried to retrieve the password but it says that my account dont exist with any of the emails but when i look up my account under veronistar@hot its still active what can i do please help

Posted by: V at March 26, 2007 8:07 PM

lol i forgot my password to actualy log into windows, it gives me a hint but i cant remember, is there anyway round this, p.s its a laptop

Posted by: andrew at May 17, 2007 12:49 AM

Use IntelliLogin to automatic login any website for you!
Never forget any password again!
www.jjsoft-studio.com

Posted by: Hoochie at July 24, 2007 4:45 AM

hey nice website

Posted by: Antonio at August 27, 2007 12:07 AM

It showed my password but it still wont let me logg in.

Posted by: bRIT at October 4, 2007 6:39 PM

is there a way to view ALL of your passwords used on a single account over time? because i lost my myspace password and tried several others off the top of my memory while i still had the save password button clicked is there a way to view ALL entered passwords?

Posted by: rythrgefw at December 30, 2007 8:12 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, not that I'm aware of.

Leo


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)

iD8DBQFHfoN7CMEe9B/8oqERAmaFAJ0Qz/XqIf8Ek2+SnpXhKgezkCZ74ACfZh1B
IciNWyKHt1VcRLoPYE1yNcs=
=AOXr
-----END PGP SIGNATURE-----

Posted by: Leo A. Notenboom at January 4, 2008 11:05 AM

i forgot my password and i really need help

Posted by: taquita at January 18, 2008 1:32 PM

very good and useful

Posted by: veerareddy at June 17, 2008 7:22 PM

Post a comment on "I forgot my password - can I somehow get my auto-login remembered password?":






(Email Address will not be published.)

Remember Me?

By popular demand...
my tip jar
Cuppa Joe
Buy Leo a Latte!

(you may use HTML tags for style)

New!

RSS feed Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Please wait. Your comment is being processed ...


Ask Your Question:


ask-leo.com
Web

Stay Informed

Weekly Newsletter

Archives

By Category
By Date

Advertisers

Advertise on Ask Leo!

««   »»

Question? - Ask Leo!
Who is Leo?
Link to Leo!

Terms, Conditions & Privacy