Windows XP offers the ability to save passwords for web sites and network resources. This is more convenient than remembering and entering the username and password each time you need access, but it poses a security risk because anyone who has physical access to your computer would also be able to log into those sites using your saved credentials.
While biometrics and other user authentication methods have become more widely used and accepted in recent years, the prevailing method of user authentication remains the username and password. Users have passwords to access their computer, shared network resources, web sites, business applications and other resources.
Different sites and applications have different policies regarding how to create passwords, and standard security practices suggest that users should use a different and unique password for each login. For many users it becomes unwieldy to recall the various usernames and passwords, so they may write them down on a notepad in their desk drawer or put them on a sticky note on their monitor so they can remember them all. Of course, anyone else can come along and read the passwords as well.
Windows XP offers users the ability to retain passwords so that the authentication information required to log in is automatically pre-populated when the different sites or resources are accessed, rather than the user having to enter it each time. Because this requires being logged into the computer in the first place, it provides some convenience for the user while remaining more secure than writing everything on a sticky note on the monitor. Unfortunately, it is still counter-productive from a security perspective. Because of the cached login credentials, anyone who sits down at the computer while it is logged in, or who gains access to your computer user account, will be able to access all of the various sites and resources as if they were the user.
Windows XP does not offer a very easy way to review or remove the saved passwords, though. If you follow the steps below, you can access a graphical interface to add, remove or edit the saved passwords on a given system.
1. Click Start and select Run
2. In the Open field type “rundll32.exe keymgr.dll, KRShowKeyMgr”
3. Once the Stored Usernames and Passwords interface opens you can select any of the entries and select Properties to view the existing information
4. To remove a saved password you can select one of the entries and select Remove. A confirmation screen will appear. Click on OK and the account will be removed
5. You can add additional saved passwords as well by clicking on the Add button and entering the appropriate information
6. Repeat the steps above as needed to add, remove or edit saved passwords
7. When you are done using the interface click the Close button