A convenient risk


Q: When I enter a password into my browser, Windows offers to save that password for me. Is this safe, and what exactly happens to this password when I allow Windows to save it?

A: Allowing Windows to save your password is convenient, but this is safe only as long as you protect your Windows password. As an example, assume I let my friend borrow my laptop, and I give him my Windows login password. At this point, he could harvest all of my saved passwords in seconds, as follows:

He would start by launching Credential Manager from Control Panel to display the following screen.


Next, he would select an item from the Web Credentials list, and then click the Show button and enter my Windows login password to display the item’s password.


For example, notice in the screenshot above that my friend could obtain both my Amazon login name and password (by clicking Show). Armed with this information, he would be then free to log in to my Amazon account, make purchases (if credit card details are saved to the Amazon account), and redirect those purchases to a different address. He could even add gift wrapping so the purchases appear as if I were sending him a gift.

To be super sneaky, my unscrupulous friend might even review my recent Amazon orders and then purchase the same item, sending it to himself; that way when I later see the bogus charge, I might not realize it’s a duplicate.

This problem is not limited to your computer. Depending on your settings, your tablets and smartphones are likely vulnerable as well. Only you can decide whether the added convenience of memorized passwords is worth the risk of saving them to your device, but either way, always make sure to protect your device’s login password.

J. Carlton Collins ( carlton@asaresearch.com ) is a technology consultant, CPE instructor, and a JofA contributing editor.

Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.


Year-end tax planning and what’s new for 2016

Practitioners need to consider several tax planning opportunities to review with their clients before the end of the year. This report offers strategies for individuals and businesses, as well as recent federal tax law changes affecting this year’s tax returns.


News quiz: Retirement planning, tax practice, and fraud risk

Recent reports focused on a survey that gauges the worries about retirement among CPA financial planners’ clients, a suit that affects tax practitioners, and a guide that offers advice on fraud risk. See how much you know with this short quiz.


Bolster your data defenses

As you weather the dog days of summer, it’s a good time to make sure your cybersecurity structure can stand up to the heat of external and internal threats. Here are six steps to help shore up your systems.