[dba-SQLServer] Stored passwords

Stuart McLachlan stuart at lexacorp.com.pg
Mon Sep 26 07:03:25 CDT 2011 

Which is why I never save bank etc logins in my browser.

-- 
Stuart

On 26 Sep 2011 at 7:40, jwcolby wrote:

> LOL, yea Firefox does the same thing.  Not only that but each password
> is associated with the username and web site.  so the list says
> Website, Username, password.  Pretty much a shopping list of where to
> go and how to get in.
> 
> John W. Colby
> www.ColbyConsulting.com
> 
> On 9/26/2011 5:44 AM, Mark Breen wrote:
> > Hello All,
> >
> > Just thought I would share an experience with you.
> >
> > My brother (the security guy) dropped in on Friday morning.  I was
> > working, building a pc at another desk and not using my own machine.
> >  He asked if he could check his email.  I said work away.
> >
> > Ten seconds later, he started calling out a bunch of my passwords
> > that I use for various services, websites etc.  Of course some of
> > them overlap and are the same passwords.  Can you guess how he did
> > it?
> >
> > In Chrome you click the wrench, personal stuff and manage saved
> > passwords. in FF you click Tools options, privacy and saved
> > passwords probably IE has it also, but who uses that !
> >
> > No encryption, no hashing, just passwords in clear text.
> >
> > So if someone gains access to your machine, you better hope you only
> > have saved your low security passwords in your browser.  Can you be
> > 100% sure you did not accidentally save one of your important
> > passwords? Can you be sure you will not do so in the future. 
> > remember to check all browsers on your machine.
> >
> > It was quite surprising to hear Stephen simply shout out my
> > passwords like that, within 10 seconds of sitting down.
> >
> > Mark
> > _______________________________________________
> > dba-SQLServer mailing list
> > dba-SQLServer at databaseadvisors.com
> > http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
> > http://www.databaseadvisors.com
> >
> >
> _______________________________________________
> dba-SQLServer mailing list
> dba-SQLServer at databaseadvisors.com
> http://databaseadvisors.com/mailman/listinfo/dba-sqlserver
> http://www.databaseadvisors.com
> 
>

More information about the dba-SQLServer mailing list