Q: When I enter a password into my browser, Windows offers to save that password for me. Is this safe, and what exactly happens to this password when I allow Windows to save it?
A: Allowing Windows to save your password is convenient, but this is safe only as long as you protect your Windows password. As an example, assume I let my friend borrow my laptop, and I give him my Windows login password. At this point, he could harvest all of my saved passwords in seconds, as follows:
He would start by launching Credential Manager from Control Panel to display the following screen.
Next, he would select an item from the Web Credentials list, and then click the Show button and enter my Windows login password to display the item’s password.
For example, notice in the screenshot above that my friend could obtain both my Amazon login name and password (by clicking Show). Armed with this information, he would be then free to log in to my Amazon account, make purchases (if credit card details are saved to the Amazon account), and redirect those purchases to a different address. He could even add gift wrapping so the purchases appear as if I were sending him a gift.
To be super sneaky, my unscrupulous friend might even review my recent Amazon orders and then purchase the same item, sending it to himself; that way when I later see the bogus charge, I might not realize it’s a duplicate.
This problem is not limited to your computer. Depending on your
settings, your tablets and smartphones are likely vulnerable as well.
Only you can decide whether the added convenience of memorized
passwords is worth the risk of saving them to your device, but either
way, always make sure to protect your device’s login password.
J. Carlton Collins ( email@example.com ) is a technology consultant, CPE instructor, and a JofA contributing editor.
Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to firstname.lastname@example.org. We regret being unable to individually answer all submitted questions.