![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Ever checked the box "Remember password"? Ever selected from "Advanced..." the option "encrypt contents"? Hmmm... What if somebody logs in with your password and makes the best of easy access to your online bank account, decrypts your encrypted files and copies them to USB drive, and (just for fun) sends a few messages in your name to your business partners and superwisers?
Have you just said, "Impossible!"?
Welcome to a brave new world: free password recovery web services like this one make it all too easy for anyone with physical access to your computer or backup tapes. Wait, wait, where are you going? To clear the cookies folder? Is it all you can master? OK, OK, I'll wait. Back now? Well, the speed of the service means the brute-force password crack is not used. What is it then? Maybe, they've got hold of the second (or third) Windows CryptoAPI key? Oh, NO! I would never imply that they have stolen it - rumor being it is heavily guarded against theft! But what about getting it as a present?
PS. Have the admin of the web server, processing the recovery requests, noticed that every second recovered password is identical to administrator password of that web server?
Have you just said, "Impossible!"?
Welcome to a brave new world: free password recovery web services like this one make it all too easy for anyone with physical access to your computer or backup tapes. Wait, wait, where are you going? To clear the cookies folder? Is it all you can master? OK, OK, I'll wait. Back now? Well, the speed of the service means the brute-force password crack is not used. What is it then? Maybe, they've got hold of the second (or third) Windows CryptoAPI key? Oh, NO! I would never imply that they have stolen it - rumor being it is heavily guarded against theft! But what about getting it as a present?
PS. Have the admin of the web server, processing the recovery requests, noticed that every second recovered password is identical to administrator password of that web server?
