Ie Passview Password Are Stored
Starting at Internet Explorer 7, password are stored in the system registry (KEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2) and ciphered against the Windows user’s login password using the the Data Protection API which utilizes Triple DES encryption. To change the saved login id and password for a website on Internet Explorer, please try these steps:1.Type the first letter of your user name, auto-complete will bring up a box of choices.2.Highlight the username you want to delete. Hit the "delete" key.3.Another auto complete window will pop up saying, "Windows has a stored password for this user name.
Additionally, because the encrypted data is user specific no UAC prompt will be triggered by an application trying to access this data. If I scan the IE PassView utility using Virus Total, you can see 55% of the scanners they use detect it is malware (one of which is Security Essentials).While in our case the result is a false positive, this shows that it is possible for a piece of malware to access this data undetected even when the system runs anti-virus. I am not a malware developer, but I don’t see any reason it could not. Using a freely available utility such as NirSoft’s IE PassView, you can view and export every saved IE password.After seeing how easy it is to get to this data, the next logical question is can malware easily get to this data. As a result of IE not utilizing a master password (such as what Firefox offers) to protect its saved passwords, the respective Windows account password is the Triple DES decryption key.Simply put, if you can log in to Windows with the account and password, you can see the saved browser passwords. However, there really isn’t a need to brute force the encryption once you are logged into the Windows account where your password data is stored as Windows makes the assumption that once logged in it is safe for applications to access this data.
If you use no password, you have no protection.To take this a step further, I did a reset of the account password to see what would happen when the password was forcefully changed outside of Windows. As we have shown above, when you login to the account using the appropriate password all of this data is easily accessible. What if my computer is stolen?The simple answer is this data is as secure as your Windows account password.
If someone gets your Windows account password then they have access to your saved IE passwords. Keep in mind, there are utilities which can decipher Windows passwords. Use a very strong Windows account password. This is definitely a good thing.At the end of the day, the security of your IE saved passwords depends totally on the user: “master password”) used to save the data are different, it was not able to decrypt the IE password saved under the previous Windows account password. I was able to see the previous user name which was saved before the password was reset, but because the account passwords (i.e.
Encrypt your entire hard drive using TrueCrypt. Use a 3rd party utility which integrates with IE and uses a master password to manage your passwords. Of course, you loose the convenience of having the browser auto-fill your passwords. Save your passwords in a password management system such as KeePass. If utilities are able to easily access your saved passwords, why can’t malware?
0 kommentar(er)
