For the sake of easy use, I let the application to store my passwords. Several important passwords related to my hosting accounts are stored in Opera, Putty and Filezilla. I guess this might be an important security hole, isn't it? How easy is it to recover a password from these applications?
Answer
It's fairly easy - any reasonably competent computer user could probably do it.
Of course, that is only a security risk if you assume that someone can read the files on your hard drive. And if it's a virus/trojan doing this, it could already be logging your keystrokes anyway. So I'd say, if you enter passwords on a computer, it's generally ok to store them as well, unless it's a shared system without user-level security.
BTW, many apps allow encrypting the password store (Firefox e.g. does). That should be secure (unless a keylogger is installed, see above).
No comments:
Post a Comment