password storage options

vba_php

Forum Troll
Local time
Today, 18:58
Joined
Oct 6, 2019
Messages
2,880
how do you guys do this? I've always stored mine on an external drive in an xls. What I'm considering doing now though, as an alternative to saving passwords in the browser's memory, is to write a script similar to my FAQ here about automating internet explorer with visual basic. This way I don't have to copy and paste the strings from xl to chrome. I haven't let my browsers store my passwords for a while now, but I used to do it all the time. What do the experts say about storing PWs in browsers' memories? I've heard they advise against it.

If I do go with a script to replace my manual method now, it won't be visual basic. Does anyone know if other languages have browser libraries and libraries that allow the languages to interact with spreadsheet objects? My current boss told me he wrote a Python script to try and automate the lookup of PO numbers in an internal database, which led me to believe that Python could do what I want. From everything I've read about Python, it apparently has a very extensive library?

Richard...where are you when I need you!? :)
 
I just use an .XLSX file in which I have a couple of patterns but not the actual password. The patterns don't tell you the actual password but they DO tell you what government standard I used to construct them.
 
The IT people at my wife's previous employer (the lucky so-and-so has since retired) recommended a password manager, though I haven't pulled the trigger on that.

On my laptop, which is password protected, I let the browser store them. I also have a file stored in a secure cloud storage.
 
What do the experts say about storing PWs in browsers' memories? I've heard they advise against it.

You can simply view the saved passwords in browsers. There was a time when you needed a software tool but that is long gone and you just click a link.
 
I just use an .XLSX file in which I have a couple of patterns but not the actual password. The patterns don't tell you the actual password but they DO tell you what government standard I used to construct them.
i don't think I get it Richard. r u doing this so you can keep the actual pw's away from hackers if they ever got a look at your machine's local content?
The IT people at my wife's previous employer (the lucky so-and-so has since retired) recommended a password manager
I will never do this. I'm not sure why I first decided against it, but I think according to some expert news I've read, it's not good.
On my laptop, which is password protected, I let the browser store them.
according to Galax, these can be seen?
You can simply view the saved passwords in browsers. There was a time when you needed a software tool but that is long gone and you just click a link.
what do you mean by this Galax? r u talking about viewing the pws' literal strings in the settings portion of the browser? I believe chrome lets u do this. what r u talking about when you say "just click a link"?
 
You can simply view the saved passwords in browsers. There was a time when you needed a software tool but that is long gone and you just click a link.

You must have a master password to be able to view the saved passwords.
 
according to Galax, these can be seen

No he is wrong. You need a master password to view saved passwords and a master password is never saved in browser. You must know it.

At least in Chrome, Firefox and Opera. I'm sure Edge is the same though I have never tested it.

If you don't trust Chrome for your passwords, you won't probably find anything else more secure. You better memorize them.
 
.according to Galax, these can be seen?what do you mean by this Galax? r u talking about viewing the pws' literal strings in the settings portion of the browser? I believe chrome lets u do this. what r u talking about when you say "just click a link"?

Chrome and Firefox you can see the plain text passwords from the browser.

IE and Edge: Control Panel > User Accounts > Credential Manager > Web Credentials.

Choose the credential. There is a "Show" link next to the password.
 
You must have a master password to be able to view the saved passwords.

Nothing about a master password on my Chrome. I can click a link and go straight in.

I wouldn't store any critical password in any browser.

I have programs that extracted the text from encrypted passwords in both IE and Chrome before they made them directly accessible.
 
Nothing about a master password on my Chrome. I can click a link and go straight in.

Maybe we are talking about different things. What you're describing is how chrome logs in different sites. Not how chrome stores the password. In chrome, click 3 dots button on the top left corner, then settings. Type passward and select passwords menu.
You see something like this:

attachment.php


If you click the eye icon to see the passwords, you have to type a password. Maybe you call it something else. We call it here Master Password.

I have programs that extracted the text from encrypted passwords in both IE and Chrome before they made them directly accessible.
I had those programs too. And none of them works anymore on Chrome. But even if your software still works on chrome and is able to extract the Passwords, a hacker won't be able to install a software and run it locally on your PC by breaking into your router, unless you allow him to control your PC with a remote control program and sit watching him run DOS commands, as Adam did. And that is not Chrome's fault. It's user's.

And that's not breaking into your PC. That's simply you give a third person having full control on your PC.
 

Attachments

  • 2019-12-04_15-01-01.jpg
    2019-12-04_15-01-01.jpg
    24.6 KB · Views: 297
Last edited:
Adam, you are correct in your guess. If the machine is hacked, you might guess enough to know how many characters of each type (upper, lower, digit, special) I used but you would not know which ones unless you knew my code. And you would not know which of two different series I used.
 
Maybe we are talking about different things. What you're describing is how chrome logs in different sites. Not how chrome stores the password. In chrome, click 3 dots button on the top left corner, then settings. Type passward and select passwords menu.

If you click the eye icon to see the passwords, you have to type a password. Maybe you call it something else. We call it here Master Password.

That is exactly where I am talking about. I doesn't ask me for a password. Maybe there is a setting for a master password somewhere.

I had those programs too. And none of them works anymore on Chrome. But even if your software still works on chrome and is able to extract the Passwords, a hacker won't be able to install a software and run it locally on your PC by breaking into your router,

The password readers I have do not required installing. They are very small executables.

Such things can be easily put into the computer as a drive by download. There have been plenty of security bugs in browsers that provide elevated privileges.

One should never underestimate the extent of threats.
 
Last edited:
My Chrome specifically asks for my windows password I logged on with when I do that?

Maybe we are talking about different things. What you're describing is how chrome logs in different sites. Not how chrome stores the password. In chrome, click 3 dots button on the top left corner, then settings. Type passward and select passwords menu.
You see something like this:

attachment.php


If you click the eye icon to see the passwords, you have to type a password. Maybe you call it something else. We call it here Master Password.


I had those programs too. And none of them works anymore on Chrome. But even if your software still works on chrome and is able to extract the Passwords, a hacker won't be able to install a software and run it locally on your PC by breaking into your router, unless you allow him to control your PC with a remote control program and sit watching him run DOS commands, as Adam did. And that is not Chrome's fault. It's user's.

And that's not breaking into your PC. That's simply you give a third person having full control on your PC.
 
That is exactly where I am talking about. I doesn't ask me for a password. Maybe there is a setting for a master password somewhere.



The password readers I have do not required installing. They are very small executables.

Such things can be easily put into the computer as a drive by download. There have been plenty of security bugs in browsers that provide elevated privileges.

One should never underestimate the extent of threats.

thanks for the clarification.
 
Galaxiom,

Do you log on to your PC with a password?, as my Chrome asked for my windows password.?

That is exactly where I am talking about. I doesn't ask me for a password. Maybe there is a setting for a master password somewhere.
.
 
Not at home.

Well I am just thinking, that if there is no password to log on with, then there is no password to use when viewing the passwords?

Be interested to know the result.
 
Well I am just thinking, that if there is no password to log on with, then there is no password to use when viewing the passwords?

Be interested to know the result.

What I meant by "not at home" is that I don't have a login password on my computer at home. I believe your inference linking the two is correct.
 

Users who are viewing this thread

Back
Top Bottom