I've heard several rumors reguarding AOLcreating a file or document within the AOL folder on individual's computers that stores the passwords for all the accounts accessed from that computer. I was wondering if someone could shed some light on this rumor. If there such a file or document, what is it and how can I make sure that no one who uses my computer can get access to my password? If the rumor is false, please just help clear up this issue.

Anytime you "save" your login details to make it "remember" then it is storing it somewhere. To protect yourself from this, make sure you enter your username and password everytime you login. Can be a pain sometimes, but safer.

Several things:

1. Browsers (IE, Mozilla) commonly store web passwords. These may be optionally encrypted, but commonly aren't.
2. Windows stores passwords for Dial up networking anyway. Again, they may be encrypted, but might not.
3. If someone can gain full access to your hard drive, it's only slightly harder for them to place a keylogger and obtain all your passwords anyway, so it's not really a problem

AOL storing its password is no different.

How would I be able to test my computer to find out if my password is stored on PC? Where would the file, even if it is encrypted be stored?

I was under the impression that AOL did not store passwords client-side. Now, i know that AIM does this, and the encryption is rather weak...

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Artrus
How would I be able to test my computer to find out if my password is stored on PC? Where would the file, even if it is encrypted be stored?

couldn't you check to see what files were most recently altered, i know on my mandrake sys i have a tool to easily view recently/currently altered files... is there a way to do this in windows???

i believe you can do that in the "find" or "search" option under windows. but the real question is, what is the file that is stored "client side" and how would it be encrypted?

actually it did, or still does, i remember having a password that would crack the file for you if the user choose to store the password.

strandedthinker, that is correct... AOL will only store yer' passwd if you choose to, so only those AOL user's that enable that option will have their passwords stored on the HDD...

err not a password, a program*

Originally posted here (http://www.AntiOnline.com/showthread.php?threadid=#post) by Artrus
i believe you can do that in the "find" or "search" option under windows. but the real question is, what is the file that is stored "client side" and how would it be encrypted?

Perhaps I am cynical but why do you need the exact name of the file ..if you are trying to secure your system all you need to know is that saving your password is a bad idea and that if some one has physical access to the system its too late (key logger, ect. or they can just launch aol with the stored password). If someone can access your file over the internet then your system has already been compromised and its too late. Your best protection from outside attacks is not the level of encryption on that file but a fire wall and making sure you are not sharing files/folders to the outside world.

So my question is why do you want to get some one else’s AOL login...my guess is that you are trying to crack your parents password because your account locks out porn.

i believe the password file is the same name as the users screen name, atleast for the aim crack

where is ur password file in AIM located at???

I would have to agree with bballad. Something isn't right here. Why the big interest about knowing the name of the password file and exactly where it's stored?

If you really want to protect yourself the ways mention above does the trick otherwise am not sure where this thread is heading....

Just my thought on things...

Guidance

This may have changed since v6.0 but even if you DONT store your password, it can appear in some of your aol files. The one file that seemed to have my passwords in it more then any other was Main.idx in the aol directory. If you use a hex editor you can go through and look for it. The easiest way would be to search for your username and look around in that general area for it. Like I said, you do not have to store your password for it to be in there, because I NEVER stored it and did find all of my password in there at one point or another.

Hope this helps

aol has been doing this for some time... it is an encrypted file... i think that aol stores it in your registry now... i know aim stores the password encrypted in your registy... at least on xp. under hkey_users => (select user) => software => american online => aol instant messenger => user => (select user) => login and it is there encrypted... cracking this encryption.. not sure what they are using to encrypt it or what algorythm... it could be done... but i don't plan on venturing a guess... also i agree with bballad... sounds a little strange

Yep Something doesn't seem quite right here. You don't have to know what the file name is and where it is stored. All you need to know is what bballad said, which it is a bad Idea to have the computer remember you pass and username if your trying to be secure.