A convenient risk

BY J. CARLTON COLLINS, CPA

Q: When I enter a password into my browser, Windows offers to save that password for me. Is this safe, and what exactly happens to this password when I allow Windows to save it?

A: Allowing Windows to save your password is convenient, but this is safe only as long as you protect your Windows password. As an example, assume I let my friend borrow my laptop, and I give him my Windows login password. At this point, he could harvest all of my saved passwords in seconds, as follows:

He would start by launching Credential Manager from Control Panel to display the following screen.

 

Next, he would select an item from the Web Credentials list, and then click the Show button and enter my Windows login password to display the item’s password.

 

For example, notice in the screenshot above that my friend could obtain both my Amazon login name and password (by clicking Show). Armed with this information, he would be then free to log in to my Amazon account, make purchases (if credit card details are saved to the Amazon account), and redirect those purchases to a different address. He could even add gift wrapping so the purchases appear as if I were sending him a gift.

To be super sneaky, my unscrupulous friend might even review my recent Amazon orders and then purchase the same item, sending it to himself; that way when I later see the bogus charge, I might not realize it’s a duplicate.

This problem is not limited to your computer. Depending on your settings, your tablets and smartphones are likely vulnerable as well. Only you can decide whether the added convenience of memorized passwords is worth the risk of saving them to your device, but either way, always make sure to protect your device’s login password.

J. Carlton Collins ( carlton@asaresearch.com ) is a technology consultant, CPE instructor, and a JofA contributing editor.

Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.

SPONSORED REPORT

Cybersecurity threats proliferating for midsize and smaller businesses

This report details how SMBs can properly protect private information from breaches, design and implement a cybersecurity policy, and create safeguards for training and education.

QUIZ

Test yourself on these often confused words

The spelling checker on your word processing program can do only so much to flag problems. Your best insurance is to learn the troublesome words that trip up writers and use them correctly by the standards of formal, written English.