1. This Board Rocks has been moved to a new domain: CarolinaPanthersForum.com

    All member accounts remain the same.

    Most of the content is here, as well. Except that the Preps Forum has been split off to its own board at: http://www.prepsforum.com

    Welcome to the new Carolina Panthers Forum!

    Dismiss Notice

Passwords stored clear text?

Discussion in 'Technology Forum' started by SemperFi, Mar 26, 2002.

  1. Mar 26, 2002 at 5:01 PM #1
    SemperFi

    SemperFi Full Access Member

    Posts:
    1,549
    Likes Received:
    0
    Joined:
    Feb 8, 2002
    When you enter a password on a web page that is not a secure page does it store the password in a clear text file in Windows 2000?
     
  2. Mar 27, 2002 at 5:03 PM #2
    The Brain

    The Brain Defiler of Cornflakes

    Posts:
    32,125
    Likes Received:
    1
    Joined:
    Jan 8, 2003
    Location:
    Over There ---->
    I'm a little confused by the question could you ellaborate a little more for me?
     
  3. Mar 27, 2002 at 8:27 PM #3
    mathmajors

    mathmajors Roll Wave

    Age:
    55
    Posts:
    42,103
    Likes Received:
    0
    Joined:
    Jan 8, 2003
    I'm not sure what you mean, but it sounds like a question about the browser, not necessarily the OS.
     
  4. Mar 28, 2002 at 9:05 AM #4
    jasper

    jasper Guest

    As for passwords on web sites, there are 3 issues: 1. is the password stored by your browser (and if so, how), 2. how is the password transmitted to the server serving the site you are logging in to, and 3. how is the password stored on that server.

    1. If you set your browser to save passwords that you enter into websites, then (at least with IE) the browser will store that data in the windows registry, and it looks to be encrypted. I'm not sure about Netscape or Opera, but I'm sure they probably have a similar setup. To be honest, the best thing to do is turn that password-storage feature off. That feature alone will not let anyone across the internet get your passwords, but anyone who sits down at your computer can get into any sites that you have saved the password on

    2. If the login page you are typing your password into is secure (has SSL enabled, the little padlock icon show up in the bottom of IE, etc.), then the password will be encrypted when it is sent across the internet to that server. However, if it is not secure (no SSL), then it is very likely that your password is being sent in clear text and could be "sniffed" easily.

    3. Usually, servers that host password-protected sites store user and password information in a database. The information in the database is not likely to be encrypted, but usually the database is available only to a select few people within the organization. However, sometimes some of the more inexperienced people out there might leave that databse vulnerable to hack or even download.

    In general, I try to keep others from finding out my passwords by 1. never allowing the browser to store them (although that appears to be safe) 2. trying to only log in to sites that have SSL and 3. if I'm not sure about the security level of the site, then I don't use my "normal" password (you know, that I use for the bank websites and stuff).

    Whew. I need a beer now. :wasted:
     
  5. Mar 28, 2002 at 11:08 AM #5
    mathmajors

    mathmajors Roll Wave

    Age:
    55
    Posts:
    42,103
    Likes Received:
    0
    Joined:
    Jan 8, 2003
    Uh, yeah. Like I said, it sounds like a question about the browser, not necessarily the OS.

    Enjoy that beer, jasper.
     

Share This Page