Windows XP provides a secure system for storing sensitive data associated with Web pages you visit using Internet Explorer. This data store includes saved user names, passwords, and Web form data you “remember” using the AutoComplete feature in Internet Explorer. Occasionally, people ask me where this data is stored, assuming (logically) that it has to be saved somewhere and that these saved passwords could represent a security risk.
Here’s the good news: The Protected Storage service, which runs as part of the Local Security Administration subsystem (Lsass.exe) manages this data store. This data is encrypted using your logon credentials and is stored in a secure portion of the registry. For security reasons, you cannot view the hashed data directly. Instead, Windows allows programs to query for specific data. The Protected Storage service decrypts the data only when it can verify that the request is accompanied by the correct logon credentials – in other words, that whoever is making the request is currently logged on using the same account that was used to store the data.
What happens if you forget a saved password that you use to access a secure Web site? Although you can log on using the saved credentials, you can’t read the password or export it to another program. That’s especially unfortunate if you’re switching to a new PC, because the Files and Settings Transfer Wizard doesn’t migrate saved passwords either.
The solution? Download a copy of the free Protected Storage Explorer. This tool queries the Protected Storage database and dumps its contents into an Explorer-style window that you can use to browse saved passwords for e-mail accounts, FTP servers, Web sites, and other normally hidden locations. You must be logged on to a user account to view saved data for that account. Needless to say, the existence of a tool like this should inspire you to lock your computer when you step away from your desk.
[Some of the material in this tip originally appeared in Windows XP Inside Out, Second Edition.]
Ed Bott 