A convenient risk

BY J. CARLTON COLLINS, CPA

Q: When I enter a password into my browser, Windows offers to save that password for me. Is this safe, and what exactly happens to this password when I allow Windows to save it?

A: Allowing Windows to save your password is convenient, but this is safe only as long as you protect your Windows password. As an example, assume I let my friend borrow my laptop, and I give him my Windows login password. At this point, he could harvest all of my saved passwords in seconds, as follows:

He would start by launching Credential Manager from Control Panel to display the following screen.

 

Next, he would select an item from the Web Credentials list, and then click the Show button and enter my Windows login password to display the item’s password.

 

For example, notice in the screenshot above that my friend could obtain both my Amazon login name and password (by clicking Show). Armed with this information, he would be then free to log in to my Amazon account, make purchases (if credit card details are saved to the Amazon account), and redirect those purchases to a different address. He could even add gift wrapping so the purchases appear as if I were sending him a gift.

To be super sneaky, my unscrupulous friend might even review my recent Amazon orders and then purchase the same item, sending it to himself; that way when I later see the bogus charge, I might not realize it’s a duplicate.

This problem is not limited to your computer. Depending on your settings, your tablets and smartphones are likely vulnerable as well. Only you can decide whether the added convenience of memorized passwords is worth the risk of saving them to your device, but either way, always make sure to protect your device’s login password.

J. Carlton Collins ( carlton@asaresearch.com ) is a technology consultant, CPE instructor, and a JofA contributing editor.

Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.

SPONSORED REPORT

Revenue recognition: A complex effort

Implementing the new standard requires careful judgment. Learn how to make significant accounting judgments and document them and collaborate with peers for consistent application.

TECHNOLOGY Q&A

How to create maps in Excel 2016

Microsoft Excel 2016 has two new mapping capabilities. J. Carlton Collins, CPA, demonstrates how to make masterful 2D and 3D maps in Excel 2016.

QUIZ

News quiz: Economy and health care changes top CPAs’ list

CPA decision-makers’ economic outlook and the House Republicans’ proposed tax changes as part of replacing the Patient Protection and Affordable Care Act received attention recently. See how much you know with this short quiz.