
View Full Version : Passwords stored clear text?


SemperFi
03-26-02, 05:01 PM
When you enter a password on a web page that is not a secure page does it store the password in a clear text file in Windows 2000?

The Brain
03-27-02, 05:03 PM
Originally posted by SemperFi
When you enter a password on a web page that is not a secure page does it store the password in a clear text file in Windows 2000?

I'm a little confused by the question; could you elaborate a little more for me?

mathmajors
03-27-02, 08:27 PM
Originally posted by SemperFi
When you enter a password on a web page that is not a secure page does it store the password in a clear text file in Windows 2000?

I'm not sure what you mean, but it sounds like a question about the browser, not necessarily the OS.

jasper
03-28-02, 09:05 AM
As for passwords on web sites, there are 3 issues: 1. is the password stored by your browser (and if so, how), 2. how is the password transmitted to the server serving the site you are logging in to, and 3. how is the password stored on that server.

1. If you set your browser to save passwords that you enter into websites, then (at least with IE) the browser will store that data in the Windows registry, and it looks to be encrypted. I'm not sure about Netscape or Opera, but I'm sure they probably have a similar setup. To be honest, the best thing to do is turn that password-storage feature off. That feature alone will not let anyone across the internet get your passwords, but anyone who sits down at your computer can get into any sites that you have saved the password on.

2. If the login page you are typing your password into is secure (has SSL enabled, the little padlock icon shows up in the bottom of IE, etc.), then the password will be encrypted when it is sent across the internet to that server. However, if it is not secure (no SSL), then it is very likely that your password is being sent in clear text and could be "sniffed" easily.

3. Usually, servers that host password-protected sites store user and password information in a database. The information in the database is not likely to be encrypted, but usually the database is available only to a select few people within the organization. However, sometimes some of the more inexperienced people out there might leave that database vulnerable to hack or even download.

In general, I try to keep others from finding out my passwords by 1. never allowing the browser to store them (although that appears to be safe) 2. trying to only log in to sites that have SSL and 3. if I'm not sure about the security level of the site, then I don't use my "normal" password (you know, that I use for the bank websites and stuff).

Whew. I need a beer now. :wasted:

mathmajors
03-28-02, 11:08 AM
Uh, yeah. Like I said, it sounds like a question about the browser, not necessarily the OS.

Enjoy that beer, jasper.