How Secure are Password Fields in Forms?

One email that I received asking for help was from a woman whose son had recently died. She knew that he had the passwords for various web sites stored in the computer and needed a way to find out what the passwords were so that she could change them. From her description it sounded like her son had been using the option within the web browser to store all of the passwords so as to fill out the forms automatically for logging into the various sites.

The thing that makes this slightly awkward is that web pages usually use a password field that displays a row of asterisks instead of the password, so you can't read the password straight out of the form. It does this for security reasons, to stop someone looking over your shoulder and seeing your password. Browsers vary in how securely they store these passwords. In this instance Internet Explorer is way more secure than Firefox because IE stores the passwords in an encrypted format in the registry while Firefox provides a "Show Passwords" option in the browser settings that will allow anyone to see exactly what all of your passwords are.

Even with Internet Explorer all is not lost, though, because those password fields in your forms are not really very secure: the actual value in the field is still in a readable format even though all the field displays is asterisks. All that we need to do is use a small piece of JavaScript to locate the password field and display the value that it contains in something that isn't a password field - like, say, an alert popup.

We can do this with a simple bookmarklet script (or favelet as you might call it if using IE).

Simply right click on the following link and save it to your Favorites/Bookmarks menu. Once you have done that go to a page where you have a password that displays as asterisks and then run the script from the menu. The script will locate any password fields in the page and display an alert for each showing the content in plain text.

Note that this particular version will not work if the page uses frames.

Also note that I wrote this script for the purpose indicated at the top of this page. I do not grant you permission to use this script for any other purpose.
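The following is an added example, not the author's bookmarklet: a small audit function showing that the masking is display-only, because a password field's value is plain text to any script running in the page. It reports each field's name and value length rather than the value, and it goes beyond the version described above by also descending into same-origin frames. The function name, the `fakeDoc` stand-in and the sample data are constructed for illustration so the block also runs outside a browser.

```javascript
// Added example: list password fields whose masked value is readable by script.
// Works on any object exposing querySelectorAll (a browser `document`, or the
// constructed stand-in below so the block also runs under Node).
function auditPasswordFields(doc, path = "top") {
  const findings = [];
  for (const input of doc.querySelectorAll("input")) {
    // The type attribute is case-insensitive in HTML.
    if (String(input.type).toLowerCase() !== "password") continue;
    const value = input.value || "";
    findings.push({
      frame: path,
      name: input.name || input.id || "(unnamed)",
      readable: value.length > 0, // masking is display-only; .value is plain text
      length: value.length,       // report the length, not the secret itself
    });
  }
  // Same-origin frames expose contentDocument; cross-origin frames return
  // null or throw on access, so they are skipped.
  const frames = doc.querySelectorAll("iframe, frame");
  Array.from(frames).forEach((frame, i) => {
    let inner = null;
    try { inner = frame.contentDocument; } catch (e) { /* cross-origin */ }
    if (inner) findings.push(...auditPasswordFields(inner, `${path}/frame[${i}]`));
  });
  return findings;
}

// Constructed stand-in for a DOM document (sample data, not a real page).
function fakeDoc(inputs, frames = []) {
  return {
    querySelectorAll(sel) {
      return sel === "input" ? inputs : frames;
    },
  };
}

const sample = fakeDoc(
  [
    { type: "text", name: "user", value: "alice" },
    { type: "password", name: "pass", value: "constructed-secret" },
  ],
  [
    { contentDocument: fakeDoc([{ type: "PASSWORD", id: "pin", value: "" }]) },
    { get contentDocument() { throw new Error("cross-origin"); } },
  ]
);

console.log(auditPasswordFields(sample));
```

In a browser, the same function can be called as `auditPasswordFields(document)` from the developer console.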

