Windows offers you the option to store your password for various sign-on or login screens. In general this is frowned upon by Security Admins because if I sit down at one of those computers I can log on as that person without needing the password because Windows already knows the password for me. Users like it because it's hard to remember 43 different passwords, especially if the Admin has enforced strong passwords and they can't use their dog's name or their son's birthday as their password.

I agree completely with the idea that it is insecure if a 3rd-party can sit at your computer and gain access to things they are not authorized for. However, using stored passwords means that you can't be shoulder-surfed - nobody can watch to see you type the password because you won't be typing it. It also means that someone doing keystroke logging using a Trojan horse or a product like EBlaster won't be able to get your passwords because you won't be typing them. An additional "feature" is that using stored passwords means it's less likely that users will have them written down on a piece of paper in their desk drawer or on a sticky note attached to the monitor.

I am doing a review of EBlaster for an article and I started playing around with its functions and it occurred to me that using cached or stored passwords may offer advantages. The physical security of your computer may play into which is better - in other words you have to determine which is more likely to occur - someone will sit down at your computer and use your stored passwords against you, or someone will get a Trojan horse or keystroke logging program on your computer.

So, here is my question - where are the stored passwords stored? Is / are the file or files easy to find? Are they encrypted or protected? Could someone with remote access easily get the file and crack it with LC4 or something like that?

If the files are easily found and cracked then someone with remote access could still get your passwords, but someone who was simply doing keystroke logging still wouldn't get them.

Thoughts?