Browsers asking computer authentication to reveal saved passwords is useless


VentsDragon

VentsDragon

New member
Local time
7:05 AM
Posts
2
OS
Windows
So as you know, many browsers ask you to type in your computer password or other authentication method in order to reveal the said saved password. Does anyone know why this feature even exists? It is completly useless.

To illustrate how it is useless I have put up a test login with my username "user" and password "password".

Here is what it looks like when I select the autofill for instance:
login form.PNG

And all I have to do is open inspect element, select the password tab and change type="password" into type="text"
login form 2.PNG
And when I change the type from password to text, my password is displayed without any authentication, can someone explain why this feature exists if it does not seem to really protect my password?
login form 3.PNG
 

My Computer

System One

  • OS
    Windows
You said "useless" but what you seem to be worried about is that it is insecure.

Many browsers require use of an overarching 'Primary password' to stop passwords being extracted in plain text to everyone.
When I recently tested Edge, I found that online tools could easily extract passwords despite the existence of a 'Primary password'.
I've seen several posts that say that all browser security can be cracked and that the only safe method is use of a specialist Password manager. If you search ElevenForum & TenForums you'll find suggestions about which are the better Password managers.


Denis
 
Last edited:

My Computer

System One

  • OS
    Windows 11 Home x64 Version 23H2 Build 22631.3447
🤔 are you asking what good are the hashes for? If so, they’re to stop people who look over your shoulder from seeing your password.
You can change whatever you like in that element, it’s still only visible to you. How does this affect you? I’m not sure what you mean?

Edit.
I am such a slow typer.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 23H2 Build 22631.5472
    Computer type
    PC/Desktop
    Manufacturer/Model
    Sin-built
    CPU
    Intel(R) Core(TM) i7-4770K CPU @ 3.50GHz (4th Gen?)
    Motherboard
    ASUS ROG Maximus VI Formula
    Memory
    32.0 GB of I forget and the box is in storage.
    Graphics Card(s)
    Gigabyte nVidia GeForce GTX 1660 Super OC 6GB
    Sound Card
    Onboard
    Monitor(s) Displays
    5 x LG 25MS500-B - 1 x 24MK430H-B - 1 x Wacom Pro 22" Tablet
    Screen Resolution
    All over the place
    Hard Drives
    Too many to list.
    OS on Samsung 1TB 870 QVO SATA
    PSU
    Silverstone 1500
    Case
    NZXT Phantom 820 Full-Tower Case
    Cooling
    Noctua NH-D15 Elite Class Dual Tower CPU Cooler / 6 x EziDIY 120mm / 2 x Corsair 140mm somethings / 1 x 140mm Thermaltake something / 2 x 200mm Corsair.
    Keyboard
    Corsair K95 / Logitech diNovo Edge Wireless
    Mouse
    Logitech: G402 / G502 / Mx Masters / MX Air Cordless
    Internet Speed
    1000/400Mbps
    Browser
    All sorts
    Antivirus
    Kaspersky Premium
    Other Info
    I’m on a horse.
  • Operating System
    Windows 11 Pro 23H2 Build: 22631.4249
    Computer type
    Laptop
    Manufacturer/Model
    LENOVO Yoga 7i EVO OLED 14" Touchscreen i5 12 Core 16GB/512GB
    CPU
    Intel Core 12th Gen i5-1240P Processor (1.7 - 4.4GHz)
    Memory
    16GB LPDDR5 RAM
    Graphics card(s)
    Intel Iris Xe Graphics Processor
    Sound Card
    Optimized with Dolby Atmos®
    Screen Resolution
    QHD 2880 x 1800 OLED
    Hard Drives
    M.2 512GB
    Antivirus
    Defender / Malwarebytes
    Other Info
    …still on a horse.
But you have it turned on 👀

Google password manager > Settings > turn off 'Use Windows Hello when filling passwords'

Not the first time a feature like this made the “Default ON” list..

Re-Opening your browser on a reboot to the last page you had opened let scammers run wild on Windows for years, and Google left that one on too..

They don’t always make the best decisions..
 

My Computer

System One

  • OS
    PE
BobOmb said:
Google password manager > Settings > turn off 'Use Windows Hello when filling passwords'
Click to expand...
Locking down autofill prevents password stealers from grabbing your passwords easily.
 

My Computer

System One

  • OS
    Windows 11 Home Insider Canary
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.25 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS blocking 95% TLDs
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
TairikuOkami said:
Locking down autofill prevents password stealers from grabbing your passwords easily.
Click to expand...
I'm pretty sure he just demonstrated how to defeat it easily, load any page in the list then text replace the html and save the output... I mean thats the OP, a short script should be able to handle that..
 

My Computer

System One

  • OS
    PE
I totally agree with @Try3. From a security standpoint, disabling "ask to save passwords" in browsers and using a password manager is the only way to go. One should make the master password that accesses any password manager VERY difficult. But all password managers are not equal.

Which is your preferred password manager software? 2nd Edition. New and improved

After some very valid criticism of the previous poll, I have decided to try again. I have just re-read every post in the old thread and noted all the password managers mentioned in the comments. As I can only have ten possible responses I don't want "Other" or "None of the above" I have also...
www.elevenforum.com www.elevenforum.com
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
glasskuter said:
I totally agree with @Try3. From a security standpoint, disabling "ask to save passwords" in browsers and using a password manager is the only way to go. One should make the master password that accesses any password manager VERY difficult. But all password managers are not equal.

Which is your preferred password manager software? 2nd Edition. New and improved

After some very valid criticism of the previous poll, I have decided to try again. I have just re-read every post in the old thread and noted all the password managers mentioned in the comments. As I can only have ten possible responses I don't want "Other" or "None of the above" I have also...
www.elevenforum.com www.elevenforum.com
Click to expand...
No one can hack a piece of paper. Passwords I care about are the one thing I do not store inside the computer.
 

My Computer

System One

  • OS
    PE
BobOmb said:
No one can hack a piece of paper.
Click to expand...
I would wager that some of the passwords you have on that paper are simple enough that hacking software could break them in less than 10 minutes. I would also bet that your piece of paper is kept within close proximity to your computer. There are some here that still do it the paper way but if you do, at least take extra precautions.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
glasskuter said:
I would wager that some of the passwords you have on that paper are simple enough that hacking software could break them in less than 10 minutes.
Click to expand...
👀

If someone is hacking your account with brute force your password means nothing to begin with

But, noted…

If you’re going through all the trouble of using a password manager and end up writng it down instead, you could just do something creative like reversing JohnDoe to DoeJohn and knowing its reversed… And noone else but you would ever know.. We’ve moved into this overcomplicated area with passwords IMHO..

And to the OP’s point if you are gonna save anything into the machine, its probably accessible..
 

My Computer

System One

  • OS
    PE

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061

My Computer

System One

  • OS
    Windows 11 Pro
    Computer type
    Laptop
    Manufacturer/Model
    Dell XPS 16 9640
    CPU
    Intel Core Ultra 9 185H
    Memory
    32GB LPDDR5x 7467 MT/s
    Graphics Card(s)
    NVIDIA GeForce RTX 4070 8GB GDDR6
    Monitor(s) Displays
    16.3 inch 4K+ OLED Infinity Edge Touch
    Screen Resolution
    3840 x 2400
    Hard Drives
    1 Terabyte M.2 PCIe NVMe SSD
    Cooling
    Vapor Chamber Cooling
    Mouse
    None
    Internet Speed
    960 Mbps Netgear Mesh + 2 Satellites
    Browser
    Microsoft Edge (Chromium)
    Antivirus
    Microsoft Windows Security (Defender)
    Other Info
    Microsoft 365 subscription
    Microsoft OneDrive 1TB Cloud
    Microsoft Visual Studio
    Microsoft Visual Studio Code
    Microsoft Sysinternals Suite
    Microsoft BitLocker
    Microsoft Copilot
    Macrium Reflect X subscription
    Dell Support Assist
    Dell Command | Update
    1Password Password Manager
    Amazon Kindle for PC
    Lightroom/Photoshop subscription
    Interactive Brokers Trader Workstation
I've been a Roboform user for over 10 years, Gary.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
BobOmb said:
But you have it turned on 👀

Google password manager > Settings > turn off 'Use Windows Hello when filling passwords'

Not the first time a feature like this made the “Default ON” list..

Re-Opening your browser on a reboot to the last page you had opened let scammers run wild on Windows for years, and Google left that one on too..

They don’t always make the best decisions..
Click to expand...
Thanks for letting me know about that setting. I was just curious as to what this setting exactly protects. If it protects rats that steal your passwords then to my knowladge, they can still steal your passwords regardless of that setting. So that is why I was confused.
 

My Computer

System One

  • OS
    Windows
BobOmb said:
I'm pretty sure he just demonstrated how to defeat it easily, load any page in the list then text replace the html and save the output...
Click to expand...
No, that was after user's autofill or an automatic autofill, which is equally bad. Any password manager, which supports it, is bad.
 

My Computer

System One

  • OS
    Windows 11 Home Insider Canary
    Computer type
    PC/Desktop
    CPU
    AMD Ryzen 5 8600G (07/24)
    Motherboard
    ASROCK B650M-HDV/M.2 3.25 (07/24)
    Memory
    2x32GB Kingston FURY DDR5 5600 MHz CL36 @5200 CL40 (07/24)
    Graphics Card(s)
    ASROCK Radeon RX 6600 Challenger D 8G @48FPS (08/24)
    Sound Card
    Creative Sound BlasterX AE-5 Plus (05/24)
    Monitor(s) Displays
    24" Philips 24M1N3200ZS/00 (05/24)
    Screen Resolution
    1920×1080@165Hz via DP1.4
    Hard Drives
    Kingston KC3000 NVMe 2TB (05/24)
    ADATA XPG GAMMIX S11 Pro 512GB (07/19)
    PSU
    Seasonic Core GM 550 Gold (04/24)
    Case
    Fractal Design Define 7 Mini with 3x Noctua NF-P14s/12@555rpm (04/24)
    Cooling
    Noctua NH-U12S with Noctua NF-P12 (04/24)
    Keyboard
    HP Pavilion Wired Keyboard 300 (07/24) + Rabalux 76017 Parker (01/24)
    Mouse
    Logitech M330 Silent Plus (04/23)
    Internet Speed
    500/100 Mbps via RouterOS (05/21) & TCP Optimizer
    Browser
    Edge & Brave for YouTube & LibreWolf for FB
    Antivirus
    NextDNS blocking 95% TLDs
    Other Info
    Backup: Hasleo Backup Suite (PreOS)
    Headphones: Sennheiser RS170 (09/10)
    Phone: Samsung Galaxy Xcover 7 (02/24)
    Chair: Huzaro Force 4.4 Grey Mesh (05/24)
    Notifier: Xiaomi Mi Band 9 Milanese (10/24)
    2nd Monitor: AOC G2460VQ6 @75Hz (02/19)
TairikuOkami said:
Any password manager, which supports it, is bad.
Click to expand...
I have to disagree regarding Windows Hello. If one uses a pin, then Yes, using Windows Hello to access a password manager is definitely not a good idea. But if one uses biometrics, using Windows Hello, facial recognition or fingerprint with his password manager is way more secure and is even safer than entering a master password as it safely gets past even keyloggers.
 

My Computers

System One System Two

  • OS
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Dell Optiplex 7080
    CPU
    i9-10900 10 core 20 threads
    Motherboard
    DELL 0J37VM
    Memory
    32 gb
    Graphics Card(s)
    none-Intel UHD Graphics 630
    Sound Card
    Integrated Realtek
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    2x1tb Solidigm m.2 nvme /External drives 512gb Samsung m.2 sata+2tb Kingston m2.nvme
    PSU
    500w
    Case
    MT
    Cooling
    Dell Premium
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    so slow I'm too embarrassed to tell
    Browser
    #1 Edge #2 Firefox
    Antivirus
    Defender+MWB Premium
  • Operating System
    Windows 11 Pro 24H2 26100.4061
    Computer type
    PC/Desktop
    Manufacturer/Model
    Beelink Mini PC SER5
    CPU
    AMD Ryzen 7 6800U
    Memory
    32 gb
    Graphics card(s)
    integrated
    Sound Card
    integrated
    Monitor(s) Displays
    Benq 27
    Screen Resolution
    2560x1440
    Hard Drives
    1TB Crucial nvme
    Keyboard
    Logitech wired
    Mouse
    Logitech wireless
    Internet Speed
    still too embarrassed to tell
    Browser
    Firefox
    Antivirus
    Defender
    Other Info
    System 3 is non compliant Dell 9020 i7-4770/24gb ram Win11 PRO 26100.4061
You must log in or register to reply here.

Similar threads

  • Article Article
Browsers and Mail Export and Import Saved Passwords in Microsoft Edge
Replies
0
Views
21K
Brink
Brink

Latest Support Threads

Latest Tutorials

Back
Top Bottom