[dba-SQLServer] Stored passwords

Mark Breen marklbreen at gmail.com
Mon Sep 26 04:44:27 CDT 2011


Hello All,

Just thought I would share an experience with you.

My brother (the security guy) dropped in on Friday morning.  I was working,
building a PC at another desk and not using my own machine.  He asked if he
could check his email.  I said work away.

Ten seconds later, he started calling out a bunch of my passwords that I use
for various services, websites etc.  Of course some of them overlap and are
the same passwords.  Can you guess how he did it?

In Chrome you click the wrench, personal stuff and manage saved passwords.
In FF you click Tools, Options, Privacy and Saved Passwords.
Probably IE has it also, but who uses that!

No encryption, no hashing, just passwords in clear text.

So if someone gains access to your machine, you better hope you only have
saved your low security passwords in your browser.  Can you be 100% sure you
did not accidentally save one of your important passwords? Can you be sure
you will not do so in the future?  Remember to check all browsers on your
machine.

It was quite surprising to hear Stephen simply shout out my passwords like
that, within 10 seconds of sitting down.

Mark


