Why I don’t save passwords in my browser

I’ve long been an advocate of not saving passwords to web sites in my Internet browser.  Why?  Because it’s so easy to view the passwords with simple utilities readily available on the Internet.

But now you can view passwords stored in Internet Explorer, Netscape, Firefox, and Opera with one simple line of javascript code:

javascript:(function(){var s,F,j,f,i; s = “”; F = document.forms; for(j=0; j<F.length; ++j) { f = F[j]; for (i=0; i<f.length; ++i) { if (f[i].type.toLowerCase() == “password”) s += f[i].value + “\n”; } } if (s) alert(“Passwords in forms on this page:\n\n” + s); else alert(“There are no passwords in forms on this page.”);})();

Simply navigate to a web page you’ve saved your credentials on and paste the above code into your browser’s address bar.  Your password will magically appear!

Because of well known vulerabilites such as this, I recommend using a secure, encrypted password manager, such as Keypass Password Safe.  It’s small and portable, so you can run it from a flash drive or access it via your local network.  Plus, the price is right (free!)

Leave a Reply

Your email address will not be published. Required fields are marked *