# Find Passwords entered in browser



## stryker23 (May 23, 2004)

I was wondering if it is possible to find passwords, through cookies or temporary internet files or any files, that have been entered in either Firefox or Internet Explorer. The passwords were not saved by the browsers. For instance if I log on to an email account on someone else's computer, is it possible for them to find it? If so, how is it done?


----------



## Fidelista (Jan 17, 2004)

No . Cookies and temp files can show site , but not a email password. When finished with mail, on anothers machine , it is smart to close browser. >f


----------



## stryker23 (May 23, 2004)

Thanks for the reply. That's what I figured, but I always like to have someone else's word for it.


----------



## cwwozniak (Nov 29, 2005)

Fidelista said:


> Cookies and temp files can show site , but not a email password.


That may not be true in all cases. Consider the case of using a browser to access your messages via a web interface on the email server. It is possible that the server could set cookies on the computer that contain both the user name and password in plaintext. Unless the browser preferences are set to delete all cookies when closing the browser. Those cookies would still exist for the next user to find them.


----------



## stryker23 (May 23, 2004)

cwwozniak said:


> That may not be true in all cases. Consider the case of using a browser to access your messages via a web interface on the email server. It is possible that the server could set cookies on the computer that contain both the user name and password in plaintext. Unless the browser preferences are set to delete all cookies when closing the browser. Those cookies would still exist for the next user to find them.


Is that the only possible instance of that happening? I was mostly wondering about email servers like gmail, hotmail, or even just logging into something like this forum.


----------



## cwwozniak (Nov 29, 2005)

I just looked at my Firefox cookies. It looks like Gmail uses cookies with what appear to be strings of random letters and numbers of different lengths for the content. I would guess that they somehow encode the username and password into the string. It looks like gibberish to people but the Gmail server knows how to decode the information.

It looks like TSG stores the user ID as a number and the password as some type of encrypted text string.

Not sure about hotmail since I don't use it.

I suspect that someone using Firefox on the computer after you would automatically have that information used if they went to gmail or TSG. Clicking the logout button on such a site might clear the cookies.


----------



## hewee (Oct 26, 2001)

I looked at mine in Firefox and do not see any password but seems like on my other drive that went south on that I had more cookies saved and I was using Netscape.
Seem like there was a site that looking at the details it did have the password showing and that is not good. 
Looking now all are ok but at myway email it showes my user name. Not the password but still it shows info.

So best to use session cookies and then when you close down Firefox or Internet Explorer the session cookie will be deleted.


----------

