What was that password again?

In the course of my daily computing activities I have to remember hundreds of username and password combinations. Literally. Just at work there are two (yes two!) timesheet applications, then there’s my corporate domain credentials, remote access, mobile phone billing portal, etc., each with their own username and password complexity/expiry policies; then there are all the systems at home; and finally the plethora of websites at which I have an account.

There are those who say that writing down credentials is a bad idea, whilst others say that using a single username and password combination is bad practice – these people are absolutely correct as, once compromised, an attacker has access to all the systems that use those credentials but we also need to be pragmatic – how can any user seriously be expected to remember all the usernames and passwords for the multitude of systems that they access? Indeed, many of the credentials I used are stored in my browser’s password manager – I haven’t a clue what my password is and I just open up the page and let my browser auto-complete the fields for me.

If we cast our minds back a few years to the launch of the Microsoft.net Framework, Passport.net was supposed to take away a lot of the hassle for web service authentication and we all know what a failure Passport was (outside Microsoft) – people just didn’t want Microsoft holding the keys to all their systems – InfoCard could well succeed where Passport failed but I have an identity crisis right here, right now!

One of the systems that I access regularly was recently moved to a new server – hence to a new URL and so the stored username and password didn’t work for me. This is where one of the handy system utilities that I wrote about a while back came in useful – I went to the old URL for the application, let the browser auto-complete the details and Nirsoft AsterWin IE was able to scan for the stored password, which I could then manually enter at the new site.

Of course, this advice comes with all the usual caveats when using third party applications to probe for security details… I haven’t checked for any unwanted side effects of using this application and you have been warned!