Why I don’t save passwords in my browser


I’ve long been an advocate of not saving passwords to web sites in my Internet browser.  Why?  Because it’s so easy to view the passwords with simple utilities readily available on the Internet.

But now you can view passwords stored in Internet Explorer, Netscape, Firefox, and Opera with one simple line of javascript code:

javascript:(function(){var s,F,j,f,i; s = “”; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == “password”) s += f[i].value + “\n”; } } if (s) alert(“Passwords in forms on this page:\n\n” + s); else alert(“There are no passwords in forms on this page.”);})();

Simply navigate to a web page you’ve saved your credentials on and paste the above code into your browser’s address bar.  Your password will magically appear!

Because of well known vulerabilites such as this, I recommend using a secure, encrypted password manager, such as Keypass Password Safe.  It’s small and portable, so you can run it from a flash drive or access it via your local network.  Plus, the price is right (free!)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: