When you check the auto-complete option in Windows internet explorer,
you just opened yourself up to a mess of potential problems. Internet
explorer stores all of the user names and passwords that you tell it to
learn, in a single flat-file that is unencrypted and can be easily read
by a variety of program.
I was installing a password managing program this morning and during one step of the installation process, I unexpectedly saw that all of my user names and passwords popped up completely visible. What this means is that if someone gained access to your computer, they could have full access to any password that you saved in auto-complete with internet explorer. It wouldn’t take someone with the least bit technically competency to steal all of this information.
As far as data vulnerabilities go, this is about as big as it gets. Imagine that if someone logged onto your computer, they could access your online email, bank account, car insurance, and every other place where you clicked ‘Save Password’.
Do yourself some good and get a password management program, or just remember your passwords. It is so irresponsible for Microsoft to release a new internet browser and not encrypt information like this. Both internet explorer 6 and 7 store passwords without any encryption.
How to store passwords securely in FireFox (FireFox still auto-completes, but password file is encrypted and unreadable).
How to clear passwords in Internet Explorer 6 »
How to clear passwords in Internet Explorer 7 »
UPDATE ON THIS:
Before this gets out of hand, I want to clarify that the passwords are actually not stored in a flat file, but rather in a section of the computer’s registry. They are also not readable under every circumstance, but in my case and probably many other people’s, the user names and passwords can be easily extracted by the correct program. I read an incorrect source, that at the time seemed credible which I will reference if I can find it again. I apologize for the error.
