A convenient risk

BY J. CARLTON COLLINS, CPA

Q: When I enter a password into my browser, Windows offers to save that password for me. Is this safe, and what exactly happens to this password when I allow Windows to save it?

A: Allowing Windows to save your password is convenient, but this is safe only as long as you protect your Windows password. As an example, assume I let my friend borrow my laptop, and I give him my Windows login password. At this point, he could harvest all of my saved passwords in seconds, as follows:

He would start by launching Credential Manager from Control Panel to display the following screen.

 

Next, he would select an item from the Web Credentials list, and then click the Show button and enter my Windows login password to display the item’s password.

 

For example, notice in the screenshot above that my friend could obtain both my Amazon login name and password (by clicking Show). Armed with this information, he would then be free to log in to my Amazon account, make purchases (if credit card details are saved to the Amazon account), and redirect those purchases to a different address. He could even add gift wrapping so the purchases appear as if I were sending him a gift.

To be super sneaky, my unscrupulous friend might even review my recent Amazon orders and then purchase the same item, sending it to himself; that way when I later see the bogus charge, I might not realize it’s a duplicate.

This problem is not limited to your computer. Depending on your settings, your tablets and smartphones are likely vulnerable as well. Only you can decide whether the added convenience of memorized passwords is worth the risk of saving them to your device, but either way, always make sure to protect your device’s login password.

J. Carlton Collins (carlton@asaresearch.com) is a technology consultant, CPE instructor, and a JofA contributing editor.

Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.
