Skip to main content

Password Storage Locations For Popular Windows Applications

Many people ask about the location in the Registry or file system that Windows applications store the passwords. Be aware that even if you know the location of the saved password, it doesn't mean that you can move it from one computer to another. many applications store the passwords in a way that prevent you from moving them to another computer or user profile.

However, you can use this information to remove unwanted saved passwords from your system.
  • Windows Network Passwords (XP/Vista/2003): When you connect to the file system of another computer on your network (something like \\MyComp\MyFolder), Windows allows you to save the password. If you choose to save the password, the encrypted password is stored in a credential file. The credential file is stored in the following locations:
    • Windows XP/2003: [Windows Profile]\Application Data\Microsoft\Credentials\[User SID]\Credentials and [Windows Profile]\Local Settings\Application Data\Microsoft\Credentials\[User SID]\Credentials
    • Windows Vista: [Windows Profile]\AppData\Roaming\Microsoft\Credentials\[Random ID] and [Windows Profile]\AppData\Local\Microsoft\Credentials\[Random ID]
  • Dialup/VPN Passwords (2000/XP/Vista/2003): Dialup/VPN passwords are stored as LSA secrets under HKEY_LOCAL_MACHINE\Security\Policy\Secrets. This key contains multiple sub-keys, and the sub-keys which store the dialup passwords contains one of the following strings: RasDefaultCredentials and RasDialParams. This key is not accessible from RegEdit and other tools by default, but you can use one of the following methods to access this key:
    • Use at command to run RegEdit.exe as SYSTEM user: (doesn't work under Vista)
      For Example: at 16:14 /interactive regedit.exe
    • Change the permission of entire Security key. If you do that, it's recommeneded to return the permissions back to the original after you finish.
  • Internet Explorer 4.00 - 6.00: The passwords are stored in a secret location in the Registry known as the "Protected Storage". The base key of the Protected Storage is located under the following key: "HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider". In order to view the subkeys of this key in RegEdit, you must do the same process as explained for the LSA secrets. Even when you browse the above key in the Registry Editor (RegEdit), you won't be able to watch the passwords, because they are encrypted. Also, this key cannot easily moved from one computer to another, like you do with regular Registry keys.
  • Internet Explorer 7.00 - 8.00: The new versions of Internet Explorer stores the passwords in 2 different locations. AutoComplete passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2. HTTP Authentication passwords are stored in the Credentials file under Documents and Settings\Application Data\Microsoft\Credentials , together with login passwords of LAN computers and other passwords.
  • Firefox: The passwords are stored in one of the following filenames: signons.txt, signons2.txt, and signons3.txt (depends on Firefox version) These password files are located inside the profile folder of Firefox, in [Windows Profile]\Application Data\Mozilla\Firefox\Profiles\[Profile Name] Also, key3.db, located in the same folder, is used for encryption/decription of the passwords.
  • Google Chrome Web browser: The passwords are stored in [Windows Profile]\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data (This filename is SQLite database which contains encrypted passwords and other stuff)
  • Opera: The passwords are stored in wand.dat filename, located under [Windows Profile]\Application Data\Opera\Opera\profile
  • Outlook Express (All Versions): The POP3/SMTP/IMAP passwords Outlook Express are also stored in the Protected Storage, like the passwords of old versions of Internet Explorer. 
  • Outlook 98/2000: Old versions of Outlook stored the POP3/SMTP/IMAP passwords in the Protected Storage, like the passwords of old versions of Internet Explorer.
  • Outlook 2002-2008: All new versions of Outlook store the passwords in the same Registry key of the account settings. The accounts are stored in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\[Profile Name]\9375CFF0413111d3B88A00104B2A6676\[Account Index] If you use Outlook to connect an account on Exchange server, the password is stored in the Credentials file, together with login passwords of LAN computers.
  • Windows Live Mail: All account settings, including the encrypted passwords, are stored in [Windows Profile]\Local Settings\Application Data\Microsoft\Windows Live Mail\[Account Name] The account filename is an xml file with .oeaccount extension.
  • ThunderBird: The password file is located under [Windows Profile]\Application Data\Thunderbird\Profiles\[Profile Name] You should search a filename with .s extension.
  • Google Talk: All account settings, including the encrypted passwords, are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts\[Account Name]
  • Google Desktop: Email passwords are stored in the Registry under HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\[Account Name]
  • MSN/Windows Messenger version 6.x and below: The passwords are stored in one of the following locations:
    • Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MSNMessenger
    • Registry Key: HKEY_CURRENT_USER\Software\Microsoft\MessengerService
    • In the Credentials file, with entry named as "Passport.Net\\*". (Only when the OS is XP or more)
  • MSN Messenger version 7.x: The passwords are stored under HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds\[Account Name]
  • Windows Live Messenger version 8.x/9.x: The passwords are stored in the Credentials file, with entry name begins with "WindowsLive:name=". These passwords can be recovered by both Network Password Recovery and MessenPass utilities.
  • Yahoo Messenger 6.x: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager ("EOptions string" value)
  • Yahoo Messenger 7.5 or later: The password is stored in the Registry, under HKEY_CURRENT_USER\Software\Yahoo\Pager - "ETS" value. The value stored in "ETS" value cannot be recovered back to the original password.
  • AIM Pro: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\AIM\AIMPRO\[Account Name]
  • AIM 6.x: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords
  • ICQ Lite 4.x/5.x/2003: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Mirabilis\ICQ\NewOwners\[ICQ Number] (MainLocation value)
  • ICQ 6.x: The password hash is stored in [Windows Profile]\Application Data\ICQ\[User Name]\Owner.mdb (Access Database) (The password hash cannot be recovered back to the original password)
  • Digsby: The main password of Digsby is stored in [Windows Profile]\Application Data\Digsby\digsby.dat All other passwords are stored in Digsby servers.
  • PaltalkScene: The passwords are stored in the Registry, under HKEY_CURRENT_USER\Software\Paltalk\[Account Name].
Labels:

Comments

Post a Comment

Popular posts from this blog

How to disable Autoconfiguration IPv4 Address

How to disable Autoconfiguration IPv4 Address Sometime your windows get error, they can not connect to the internet or appear a message likes "conflict IP address" Enter: Run > cmd > ipconfig /all You may see the following issues: To fix it, enter these from Command Prompt: netsh interface ipv4 show inter netsh interface ipv4 set interface xx dadtransmits=0 store=persistent change xx with idx number your local area connection ( 11 for my case ) then restart your computer. If you want to disable DHCP Client: Run > services.msc > disable DHCP Client service note: if you disable DHCP Client, your computer cannot get ip from DHCP Server. You must setup your IP manually.
Post a Comment
Read more

How to unlock excel worksheet

Sometimes you keep an excel worksheet with a password to keep confidential, and sometimes you forget the password. Here I will explain how to open the locked excel worksheet. The first step, open the excel file that is locked and press alt + f11. then double clik on the sheet do you want unlock see the picture below And then copy this code Insert the code below in the general declarations page you have opened. You should not have to change anything , sheet name etc... Just copy and paste _____________________________________________________________________ Sub PasswordBreaker() 'Breaks worksheet password protection. Dim i As Integer, j As Integer, k As Integer Dim l As Integer, m As Integer, n As Integer Dim i1 As Integer, i2 As Integer, i3 As Integer Dim i4 As Integer, i5 As Integer, i6 As Integer On Error Resume Next For i = 65 To 66: For j = 65 To 66: For k = 65 To 66 For l = 65 To 66: For m = 65 To 66: For i1 = 65 To 66 For i2 = 65 To 66: For ...
Post a Comment
Read more

Virus ".micro File Extentions"

.micro virus....!!! yeah.... this is ransomware virus (such as crytolock in 2015). This virus make all your file ( such as document,photo etc) turned to " .micro File Extentions " and make that's file unable to accessed/opened. It has encrypted your files and now they want money to give you the unlock key. This virus ( .micro File Extension) is a very harmful infection that silently infiltrates into targeted windows computer without seeking for any approval and hides itself behind the system background. You won’t recognize its arrival as it infiltrates very secretly and via various internet sources. Below some of the common source are discussion that makes invasion of harmful parasites into compromised machine. Social Media : Visiting malicious websites, unsafe web pages, phishing domain and unauthentic web pages are the major ways for the invasion of creepy computer threats. Drive By Download : This very malware usually comes bundled with freeware software installe...
Post a Comment
Read more