On the internet it has two serious problems: passwords and cookies. Passwords are because it is not possible for something as important as accessing a web page or a profile to depend on a string of characters that anyone else can get. And cookies because we do not know what they do with our data when we click on Accept when entering a web page. The solution for passwords is easy, eradicate them all at once. The solution for cookies is to regulate them even more than they are.
This article I’m going to discuss why passwords are so dangerous and ways to get access to saved passwords in less than a minute.
Passwords that hide nothing
A password is, by definition, a secret sign that allows access to something, someone or a group of people previously inaccessible. It’s never a good idea to leave your password saved in a browser that is public or that you share. The asterisks “*” or dots “.” (Fig. 1) they do not work because they give us a clue to another person that that password is saved. There are several ways to get that password.
Event inspector to discover passwords
In the example in Fig. 1 we see that someone, in the past, logged in to Netflix from an account and left the password saved in the browser. If the computer is yours nothing happens, but if it is public you are exposing your username and password to anyone who enters that computer. In addition, the password is saved in the browser’s password manager.
If in the browser we double click on the dots or asterisks and then right mouse button we have the option to Inspect the page as seen in Fig 2.
Change Data Type in Event Inspector
The time has come to know the password in plain text that has been set. In the event inspector only by changing the data type and putting “text” instead of “password” the saved password is discovered. Anyway, in the browser itself if you go to the menu there is a password option and you see all the saved passwords, all of them.
Summary
We already know the password, now what? Passwords are a serious problem nowadays. If something as important as our data only depends on a string of characters that someone else can get, it cannot be safe or useful. Any account on the internet where you see the password as “*” or “.” can be compromised.
If we get the password in this way on a public computer it tells us what is the password of that account, the real one, the password in plain text. That is, you can go home, enter a computer of ours and log in with that information. If the other person does not have a second authentication factor, their privacy will be violated. As a conclusion, never leave your password saved on a public computer and if you have already finished using a computer from the university or a library, eliminate any trace that is about you on that shared computer.
[…] Passwords with text are not a correct solution since anyone, if they know what that password is, can log into someone else’s account. Secondary systems have been developed to improve the strength of passwords, but they are still plain text. The use of encoding passwords in the form of HASH functions is one of the systems that are used as explained in this article The problem of passwords when you use Internet. […]