How Secure are Password Fields in Forms?
Join the Discussion
One email that I received asking for help was from a woman whose son had recently died. She knew that he had the passwords for various web sites stored in the computer and needed a way to find out what the passwords were so that she could change them. From her description it sounded like her son had been using the option within the web browser to store all of the passwords so as to fill out the forms automatically for logging into the various sites.
The thing that makes this slightly awkward is that all of the web pages usually use a password field that displays a row of asterisks instead of the password and so you can't read the password straight out of the form. It does this for security reasons to stop someone looking over your shoulder and seeing your password. Security varies between browsers as to how securly they store these passwords. In this instance Internet Explorer is way more secure than Firefox because IE stores the passwords in an encrypted format in the registry while Firefox provides a "Show Passwords" option in the browser settings that will allow anyone to see exactly what all of your passwords are.
We can do this with a simple bookmarklet script (or favelet as you might call it if using IE).
Simply right click on the following link and save it to your Favorites/Bookmarks menu. Once you have done that go to a page where you have a password that displays as asterisks and then run the script from the menu. The script will locate any password fields in the page and display an alert for each showing the content in plain text.
Note that this particular version will not work if the page uses frames.
Also note that I wrote this script for the purpose indicated at the top of this page. I do not grant you permission to use this script for any other purpose.