Password security can never be taken for granted and even if complex passwords or security programs are used, they can always be discovered by users more able to use the computer. To protect yourself from password theft, you need to know how they can be tracked down on a PC.
You don't need to be a hacker or a hacker at all, you just need a little cunning to take possession of any account, as already pointed out in explaining how to steal the passwords of internet sites.
In this article we are going to examine one of the easiest ways to find passwords stored on a computer, using simple free programs, stored in a "steal password" USB stick .
It will therefore be sufficient (in theory) to insert the USB stick into a computer to have access to all the user's passwords, including those of the wifi network, access to Facebook, Google, Twitter and all the accounts of the sites saved in the browser and in other computer programs .
Without going to look for who knows what software with the risk of running into malicious programs, just download and run the "show password" tools offered for free by Nirsoft, a developer who does nothing but make visible what is stored on PCs.
Their purpose is to recover lost or forgotten passwords of internet and network accounts.
Among these are:
- IE PassView for passwords in internet explorer.
- ChromePass, for Chrome passwords.
- OperaPassView for Opera browser.
- Network Password Recovery for network passwords.
- WirelessKeyView for the keys of the wifi networks.
- RouterPassView to access the router.
- WebBrowserPassView to see logins and passwords saved on Firefox, Chrome and Internet Explorer.
The download of these tools may be blocked by the antivirus or by the browser itself, therefore, first, you must disable the download control.
On Chrome, for example, in the advanced settings, in the privacy section, temporarily disable protection against phishing and malware.
By running the various programs one by one, which do not have a size greater than 2 Mega, you get the passwords written in different areas of the computer.
If you are using Windows 7 or Windows 8 you can then double-click on each program and to see the list of passwords.
From the Edit menu, click Select All and then, from the File menu, save the passwords in a text file.
On PCs with Windows XP and Vista, you can create a script that runs all these utilities at once, saving them in a text file.
Then download the various tools, extract them and copy only the executable files (the .exe files) to the USB stick.
Create a new text document with the notepad and write the following text in it:
start passview.exe / stext passview.txt
Put the name of the program in place of passview.exe and the name of the file in which to save the passwords in place of passview.txt.
You can write as many lines to the file as there are downloaded Nirsoft programs.
For example:
start netpass.exe / stext netpass.txt
start RouterPassView.exe / stext RouterPassView.txt
start WebBrowserPassView.exe / stext WebBrowserPassView.txt
start WirelessKeyView.exe / stext WirelessKeyView.txt
...
At the end, copy the text file to the USB stick, with the name launch.bat (to change the extensions, go to folder options from the control panel and remove the check from " Hide extensions " in the display tab).
Once done, just launch the launch.bat file to copy all the passwords of the computer in an instant.
Fortunately, this trick only works if you have full access to the computer, therefore only if it has been left unattended and with the user already logged in with the Windows account.
This is a very basic practical example that exploits innocent programs, but even against a more sophisticated password stealing malware it is not so difficult to protect yourself, if you respect the minimum security measures of the computer :
- Disable the autorun, so as not to allow the automatic command to run when connecting the USB stick to the computer.
- Use an antivirus with real time protection, which prevents the execution of these types of programs.
- Do not allow the browser to remember passwords, or at least the most important ones, such as those of the bank.
This is an important recommendation already made in the past in the articles on how to see passwords on Chrome and on how to find out the passwords stored on the browser behind dots or asterisks.
Instead of saving passwords with the browser, password managers such as Lastpass can be used.
- Use two-factor authentication on all sites where it is possible, so that even if a stranger has our passwords, he will still not be able to use it to access our accounts.
- Never violate the first IT security rule: If someone can convince you to run a program on your computer, that is no longer your PC .
You should always have physical control of the computer whenever possible and never leave it unattended and usable by other people.
Nobody should be able to insert USB sticks, run programs or create files without our permission.
Always put a password to the Windows account used to log on to the computer, without disabling the UAC control of Windows 8 and 7.
READ ALSO: How passwords are stolen: Gmail case by example
