Thunderbird has forgotten password - and so have I!

[Moira]

For some reason both Thunderbird and myself have forgotten the password for one of my email accounts. On my laptop it is stored and remembered and I wonder if anyone knows where in the roaming appdata of Vista this information is stored.

I'd like to overwrite the email settings with those of the laptop, but don't want to lose all my current email. If I have to formally change this password it affects a whole lot of other stuff - it would be easier during a period where I'm very time poor - just to have the original one recovered.

[SirDice]

Just install a sniffer (wireshark i.e.) on your laptop. Sniff port 110 traffic (for POP3) and collect your email. Your password will be sent in the clear, easily readable in the dump.

[brokencrow]

One of these might jog your memory:

http://www.passcape.com/mozilla_password_recovery.htm

http://www.nirsoft.net/utils/mailpv.html

edit -- you might try Snadboy's Revelation 2.0 to reveal asterisk passwords.

http://www.snadboy.com/

[Moira]

Many thanks, I'll give them a try! In fact the mailpv has found the start of the pass, but I would need to buy the full copy to get something to crack the rest of it. Could be worth it though - I'm always forgetting passwords.

[brokencrow]

I'm always forgetting passwords.

I never save passwords in any of my apps. Manually entering them each
time may be a pain to some, but it's good discipline. Snadboy comes in
real handy. I use it regularly on OPM's (other people's machines). Freaks
people out when they see how easy it is to circumvent some apps. Doesn't
work all the time though (won't get me AOL passwd's anymore -- they built
in some protection). Fwiw, I ALWAYS delete Snadboy when I'm done. I
do not like leaving tools like that installed on a harddrive. Anyones.

[Moira]

Sounds a good way to work! I think more people ought to be shown just how easy it is to circumvent a lot of so called safe password protected places. And don't use the same password for each login - however strong your pass is, put it in a Word document and it can be retrieved within seconds, not because it's a weak password, but the method of hiding passwords in Office is not particularly good. I have to admit, this is the older versions of Word, I haven't tested Office 2007 or even 2003 but it's probably the same.

Likewise a windows login. I used to have a program that retrieved logins very easily due to the poor way Windows stored them. The free program would use a dictionary attack and the paid for version would brute force - often not even necessary.

LOL, isn't that just so AOL? I often wonder how such a lame ISP in lots of ways can sometimes end up being the only sodding program that isn't vulnerable to a particular hack!

[JPnyc]

Is it really safer? I mean if your system is compromised to the point where they can search out a file containing an encrypted password stored, couldn't it also contain a key logger which will grab your password when you type it?

[Moira]

Credit me with some common sense and computer knowledge, please!. I think I might know if I had a keylogger installed, also in this case the lady in question simply had her laptop stolen from the park (God knows what she was doing in the park with it), and it doesn't take a l337 h4X0r to do that!

Actually maybe I should have kept quiet about computer know how. What am I meant to be doing with this Wireshark thing? I asked it to capture a particular file - app data wasn't accessible so I pointed it to imap mail, local store. Nothing happened except when I eventually stopped it, having captured the marvellous total of zero packets, I got a message telling me to turn off promiscuous mode in capture options! Why is it calling my mail promiscuous? Anyway I can't see how to turn this off, I tried several more likely looking files but it's just not capturing packets or packets aren't being generated.

The partial password retrievers have given me part of the pass, which is a big help, but they don't give me the whole word, so I'm still stuck.

PS How do I sniff a port?

[JPnyc]

I didn't mean in your or her case, Moira, I meant in general.

[SirDice]

Wireshark is a network analyzer. You use it to capture network traffic.
Start it up.
Go to Capture -> Options.
Pick the correct network interface.
Set Capture filter to: port 110
Click start..

Collect your email.

Stop capture.

Have a look at the data. Email (POP3, port 110) is all clear text. I am assuming you use POP3 to collect your mail.
For IMAP (also clear text) you would capture port 143.