Help2Go.com

Do NOT Let Internet Explorer Remember Your Passwords!

by Oscar Sodani
November 3, 2007

One of the most-used features of web browsers is its ability to remember your web site passwords. After all, why should you have to remember dozens and dozens of usernames and passwords for the web sites you visit?

The problem is, while Mozilla Firefox encrypts all of your passwords, and can protect them with a master password, Internet Explorer does not encrypt your passwords. In fact, with a simple free program you can download right now, you can view all of the passwords you ever asked Internet Explorer to save (or someone else can!) 

It is very important to understand that if someone has access to your computer, and you set IE to remember passwords, they can quickly and easily look at every password for all your web sites - including banking, e-mail, and company intranets. This is true for all versions of Internet Explorer, right up to the latest version 7. 

I was notified of this while listening to Steve Gibson's excellent Security Now! podcast.  He vouches for the folks who created the utility that allows you to view your passwords . He doesn't think they mean any harm -  the utility is meant to recover your password if you forget it.

However, the security implications are clear - anyone who can walk up to your computer can quickly run this utility. Furthermore, it's no stretch to say that some types of malware (spyware, viruses, etc) may be looking at this data as well.

Recommendations:

First, obviously turn off AutoComplete in Internet Explorer. This site has a good tutorial

Second, if you want the feature to remember passwords, make the switch to Mozilla Firefox , a free web browser that is much more secure than Internet Explorer.