security of stored passwords, especially in IE

M

michael brooks

Friends,
This question relates to largely to IE, but I'm only posting it here since
maybe it relates in part to Windows (XP) generally.

IE offers the convenient feature of remembering passwords. I'm wondering how
secure these are, assuming that no one can guess the password to my Windows
XP account.

For example, in the unlikely event that some one managed to steal the
harddrive out of my computer, then of course he would be able to read all
the files on my computer, but probably would not be able to log on to my
account. Is that assumption correct, assuming I use a strong password? And
are the passwords stored by IE encrypted with a good algorithm such that it
would be very hard for such a person to discover the passwords?

thanks for your insights.
 
B

Brian Komar

Google on DPAPI
Brian
"michael brooks" <msb107@gnnx.net> wrote in message
news:OBJuW9VKIHA.1184@TK2MSFTNGP04.phx.gbl...
> Friends,
> This question relates to largely to IE, but I'm only posting it here since
> maybe it relates in part to Windows (XP) generally.
>
> IE offers the convenient feature of remembering passwords. I'm wondering
> how secure these are, assuming that no one can guess the password to my
> Windows XP account.
>
> For example, in the unlikely event that some one managed to steal the
> harddrive out of my computer, then of course he would be able to read all
> the files on my computer, but probably would not be able to log on to my
> account. Is that assumption correct, assuming I use a strong password? And
> are the passwords stored by IE encrypted with a good algorithm such that
> it would be very hard for such a person to discover the passwords?
>
> thanks for your insights.
>
 
M

Michael Bednarek

On Sat, 17 Nov 2007 15:18:12 -0600, michael brooks wrote in
microsoft.public.security:

>This question relates to largely to IE, but I'm only posting it here since
>maybe it relates in part to Windows (XP) generally.
>
>IE offers the convenient feature of remembering passwords. I'm wondering how
>secure these are, assuming that no one can guess the password to my Windows
>XP account.
[snip]

AFAIK Cain (<http://www.oxid.it/cain.html>) can easily show all those
passwords. I think it's safe to assume that everything on a PC can be
extracted by an attacker with physical access to it.

--
Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
 
M

michael brooks

Thank you very much, Michael & Brian, for your comments!

"Michael Bednarek" <mbATmbednarek.com@BLACKHOLESPAM.NET> wrote in message
news:dl90k3pqp3b146gnp85v5d9383hn0vbv32@4ax.com...
> On Sat, 17 Nov 2007 15:18:12 -0600, michael brooks wrote in
> microsoft.public.security:
>
>>This question relates to largely to IE, but I'm only posting it here since
>>maybe it relates in part to Windows (XP) generally.
>>
>>IE offers the convenient feature of remembering passwords. I'm wondering
>>how
>>secure these are, assuming that no one can guess the password to my
>>Windows
>>XP account.
> [snip]
>
> AFAIK Cain (<http://www.oxid.it/cain.html>) can easily show all those
> passwords. I think it's safe to assume that everything on a PC can be
> extracted by an attacker with physical access to it.
>
> --
> Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
 
H

hehe

don't use password storage of any kind, cain and able can easily extract
passes :)

--

==
http://www.big-forum.com - Object Freaking Everything!
==



"michael brooks" <msb107@gnnx.net> wrote in message
news:%23pBPOphKIHA.5860@TK2MSFTNGP04.phx.gbl...
> Thank you very much, Michael & Brian, for your comments!
>
> "Michael Bednarek" <mbATmbednarek.com@BLACKHOLESPAM.NET> wrote in message
> news:dl90k3pqp3b146gnp85v5d9383hn0vbv32@4ax.com...
>> On Sat, 17 Nov 2007 15:18:12 -0600, michael brooks wrote in
>> microsoft.public.security:
>>
>>>This question relates to largely to IE, but I'm only posting it here
>>>since
>>>maybe it relates in part to Windows (XP) generally.
>>>
>>>IE offers the convenient feature of remembering passwords. I'm wondering
>>>how
>>>secure these are, assuming that no one can guess the password to my
>>>Windows
>>>XP account.
>> [snip]
>>
>> AFAIK Cain (<http://www.oxid.it/cain.html>) can easily show all those
>> passwords. I think it's safe to assume that everything on a PC can be
>> extracted by an attacker with physical access to it.
>>
>> --
>> Michael Bednarek http://mbednarek.com/ "POST NO BILLS"
>
>
 
You must log in or register to reply here.

Similar threads

B
Can Edge passwords be restored via local files?
Replies
0
Views
40
Beth.W
B
P
Trojan:BAT/PS.Runner.VS!MSR causing powershell to launch often for a couple of weeks on it's own and setting windows defender off
Replies
0
Views
32
philip foreman
P
B
Where are Edge passwords saved in files?
Replies
0
Views
41
Beth.W
B
Y
Compiling a list of certificates stored in an Azure subscription
Replies
0
Views
22
Yocef
Y
P
I cannot get my computers to connect
Replies
0
Views
42
Promptx
P
Back
Top Bottom