Comments on: Internet Explorer (Auto Complete) stores your passwords unencrypted!

By: Ian Boyd

Ian Boyd — Fri, 11 Jun 2010 13:55:34 +0000

Also understand that your encrypted passwords are accessible by you.

This raises two points that should be explicitly stated:

1. You can access all your encrypted passwords, no matter the program that creates them. This is the standard API that is used: you (meaning programs running as you) can access the password store.

2. Other users cannot access your encrypted password. Your passwords are encrypted with a key unique to your account. The only way to gain access to your account’s encryption key is to know your Windows username and password.

By: boris

boris — Thu, 07 Jan 2010 13:07:40 +0000

how can i save the username and password from a website until tipping it on the website if i clicked bevor on “not save password”.

please let me updated ,this is urgent.

thank you

By: Patrick

Patrick — Sun, 29 Nov 2009 05:46:08 +0000

Just use MS Excel, there is an option to password an excel file and keep all your uns and pws data there, and every time you open it you have to imput a password

By: NORMA

NORMA — Tue, 11 Aug 2009 06:27:47 +0000

THANK YOU FOR YOUR GOOD ADVICE. I WAS ABOUT TO MAKE A HUGE MISTAKE.N.C.

By: Dean Harding

Dean Harding — Tue, 05 Jun 2007 23:54:07 +0000

Not much point for a password at all if any program can un-encrypt them.

Some program has to decrypt them (i.e. Internet Explorer) so if one program can do it, all programs can do it. That is, unfortunately, a basic principle of security. In computers, security is based on the user not the program - so if someone else logged onto the computer, they would not be able to decrypt the files -- they would need to know your password. The same is true of Firefox and Opera and basically any program that stores passwords (including "password vaults"). Anyone who tries to tell you differently is lying to you.

By: jestep

jestep — Tue, 05 Jun 2007 12:13:59 +0000

What good are they if they can be that easily extracted. Not much point for a password at all if any program can un-encrypt them.

By: Dean Harding

Dean Harding — Tue, 05 Jun 2007 07:22:18 +0000

the user names and passwords can be easily extracted by the correct program

Um, duh. What good would they be if they couldn’t be extracted?

By: Dpark25

Dpark25 — Wed, 23 May 2007 14:34:04 +0000

Regardless on whether or not the information is encrypted. This is just one of few reasons to have a password manager. Obviously, you got RoboForm for a single user. There are also are also password management options for businesses. Its just a cheap, easy way to manage all of your passwords and not have to worry about security.

By: Just because you read it on the Internet, does not make it true - Spyware Sucks

Just because you read it on the Internet, does not make it true - Spyware Sucks — Wed, 23 May 2007 11:37:52 +0000

[...] Here is the URL:http://www.ecommerce-blog.org/archives/internet-explorer-auto-complete-stores-your-passwords-unencry... [...]

By: wng_z3r0

wng_z3r0 — Wed, 23 May 2007 11:19:04 +0000

http://msdn2.microsoft.com/en-us/library/ms533032.aspx

When a user enters information in an INPUT type=text element and submits a form, that information is encrypted and saved in the data store. If the values of the NAME or VCARD_NAME attributes match the data in the data store, that information is provided in the AutoComplete box. A user can quickly travel through an extensive form, because the requested information already is available and only needs to be selected.