Hello
When I log onto websites and I am entering my username I then click to enter my password and my pc automatically fills them in.I do not want my pc doing this and want to type them in myself, for security etc.Is there a setting I need to change to stop my pc doing this as I have looked and cannot see anything?Any advice would be good.
Thanks

Rachel.

---

......In Space No One Can Hear You Scream......

Hi Rachel,
In Internet Explorer go to tools,then internet options, then content.
Click on auto complete and set as you like.

TTYL
Richard

---

Click the Sig!

BOINC Wiki

Rachel,

Assuming you're using IE:
On the browser toolbar click Tools - Internet Options
Choose the Content tab
Click on AutoComplete
Uncheck 'User names and passwords on forms'
There's also a button to clear any saved passwords.

Hope this helps.

Tangent

---

Hello
Yes it does.Thanks very much.I am going to wipe everything when I go away for security reasons.So I will clear all passwords etc.Thanks Guys.

---

......In Space No One Can Hear You Scream......

Hi

For security reasons i use firewall, antivir and antyspy software against addware and trojans hyjackers and so on.

Just my two cents.

Mike

---

With each crime and every kindness we birth our future.

I'll mention this just because some people will find it interesting, there is not much one can do about it at the moment.

When you do type passwords into your browser (or any other program) they are in memory for a brief few milliseconds (longer if the program is not programmed well). Sometimes a computer will write the contents of memory, for a particular program, to disk (to your swap space, or virtual memory) when memory is running low. When it does this depends on what other program may be running, in the background-- perhaps some virus scanning program in the background suddently comes active and needs memory. In any case, when this happens your password is saved on disk.

Another characteristic of modern computers is that when they delete files on disk they don't actually delete the content, but simply mark it as deleted and available for future use. Items are actually deleted later when, by chance, some other program overwrites them.

The combination of these two things means that passwords are written to disk and may remain there for a very long time. There was a study recently in which some individuals scaned various peoples computers for passwords on disk that were made available in this fashion. They found that passwords were sometimes staying on disk for years at a time.

To find passwords in deleted disk space requires a program written for the task. But this problem is just one of many that illustrate that we still have a long way to go in improving computer security.

---

www.onlinetasklist.com

A good idea to make your PC computer more secure should it get stolen is this. Enable BIOS password protection and set the PC only to boot up from the HD only. Disable start up from the optical and A: drives. Then enable a user account with a password when the HD boots up the computer. Be sure to use a complex password. For 99.9% of the thieves out there, this will make your computer just a piece of junk to them.

---

Account frozen...

> When you do type passwords into your browser (or any other program) they are
> in memory for a brief few milliseconds (longer if the program is not
> programmed well). Sometimes a computer will write the contents of memory, for
> a particular program, to disk (to your swap space, or virtual memory) when
> memory is running low. When it does this depends on what other program may be
> running, in the background-- perhaps some virus scanning program in the
> background suddently comes active and needs memory. In any case, when this
> happens your password is saved on disk.
>

Great info redshift,

Seriously. The more people know about security the easier the rest of our jobs will be.

However the case you mention above is less likely. Information is sent to the swap file based on how recently the computer used that part of memory (and whichever program/data sits there). So a recently entered password would be in memory recently accessed, and much less likely to be swapped.

>...is less likely. Information is sent to the

Indeed it is less of a problem than the browser intentionally storing the passwords, which is what rachel asked about. But an issue nonetheless-- here you have security dependent on a race condition. The computer is secure if....the timing is right. Not good design.

---

www.onlinetasklist.com

> complex password. For 99.9% of the thieves out there, this will make your
> computer just a piece of junk to them.
>

The thieves can install your hard drive as a 2nd disk on another computer and then study its content. Not many people can extract passwords from the windows swap file but some can. Nowdays we all have many UserIDs and Passwords to all sort of places, a good idea is not no have them on the PC but if you must, store them in an encrypted file.

In the end, if your computer was stollen you have to asume that the information on it was compromised.

Yair

---

Yair

Worse is the fact that with the right equipment and patience even data that is erased using a "shredder" or multi-pass write can leave enough residue that it can be recovered.

About the only way to guarentee security is to physically destroy the platters themselves (something we had to do for the disks in OTH-B because of the possiility that secret code might have been on the disk).

Spyware also can include a keystroke capture ...

---

There is always thermite...

---

> > complex password. For 99.9% of the thieves out there, this will make
> your
> > computer just a piece of junk to them.
> >
>
> The thieves can install your hard drive as a 2nd disk on another computer and
> then study its content. Not many people can extract passwords from the windows
> swap file but some can. Nowdays we all have many UserIDs and Passwords to all
> sort of places, a good idea is not no have them on the PC but if you must,
> store them in an encrypted file.
>
> In the end, if your computer was stollen you have to asume that the
> information on it was compromised.
>
> Yair
>

I have written programs, for personal use, that I incorporated encrypted password capability. If I write a stand-alone password utility with encrypted password buried deep within the guts of the files on my hard drive, have it pop up when the Windoze password is entered properly, then have it re-boot the PC upon the third wrongly entered password, I believe that someone would be hard pressed to gain access to my hard drive. What do you think?

EDIT:
Oh, and disable the 3 finger salute so that they won't be able to shut it down with Task Manager.
/EDIT:

Timestamp: Monday, 20 December 2004 - 08:07 PM --800 (Pacific Standard Time)

L8R....

---

---

CAPT Siran d'Vel'nahr - L L & P _\\//
Winders 11 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath

> There is always thermite...
>

Ahhh thermite, the product with 1001 uses :]

> > There is always thermite...
> >
>
> Ahhh thermite, the product with 1001 uses :]
>
>
>

I have set my pc not to remember paswords so I have to type them in each time.They are only for websites like this.I do not have any major or bank account passwords on my pc.I have a privacy thing running too so when the pc starts up it asks for a password before it starts up properly.

---

......In Space No One Can Hear You Scream......

> > > There is always thermite...
> > >
> >
> > Ahhh thermite, the product with 1001 uses :]
> >
> >
> >
>
> I have set my pc not to remember paswords so I have to type them in each
> time.They are only for websites like this.I do not have any major or bank
> account passwords on my pc.I have a privacy thing running too so when the pc
> starts up it asks for a password before it starts up properly.
>

I have 2 passwords set in my BIOS, 1 for booting the PC and 1 for getting into the BIOS settings. I also have a password set for getting Windoze to launch. When I leave for work I set the PC to turn on a screen saver with password and then power down the monitor.

Timestamp: Tuesday, 21 December 2004 - 06:10 AM --800 (Pacific Standard Time)

L8R....

---

---

CAPT Siran d'Vel'nahr - L L & P _\\//
Winders 11 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath

> > > > There is always thermite...
> > > >
> > >
> > > Ahhh thermite, the product with 1001 uses :]
> > >
> > >
> > >
> >
> > I have set my pc not to remember paswords so I have to type them in each
> > time.They are only for websites like this.I do not have any major or
> bank
> > account passwords on my pc.I have a privacy thing running too so when the
> pc
> > starts up it asks for a password before it starts up properly.
> >
>
> I have 2 passwords set in my BIOS, 1 for booting the PC and 1 for getting into
> the BIOS settings. I also have a password set for getting Windoze to launch.
> When I leave for work I set the PC to turn on a screen saver with password and
> then power down the monitor.
>
> Timestamp: Tuesday, 21 December 2004 - 06:10 AM --800 (Pacific Standard Time)
>
> L8R....
>
> -

my other pc had a screensaver password thing but I do not have a screensaver running now.I just log out on the privacy thing when I go out and if anyone else tries doing anything a box pops up asking for the passward.

---

......In Space No One Can Hear You Scream......

>
> I have 2 passwords set in my BIOS, 1 for booting the PC and 1 for getting into
> the BIOS settings. I also have a password set for getting Windoze to launch.
> When I leave for work I set the PC to turn on a screen saver with password and
> then power down the monitor.
>

But for anyone stealing your computer(s), it's just to reset BIOS to remove these passwords, and for accessing hd either put it into another computer or upgrade/re-install windows...

Any encrypted files is AFAIK on the other hand still encrypted.


BTW, it's atleast 4 ways to start Task Manager on NT, the easiest is ctrl-shift-esc. ;) Not sure if XP have changed any of these methods...

>
> I have written programs, for personal use, that I incorporated encrypted
> password capability. If I write a stand-alone password utility with encrypted
> password buried deep within the guts of the files on my hard drive, have it
> pop up when the Windoze password is entered properly, then have it re-boot the
> PC upon the third wrongly entered password, I believe that someone would be
> hard pressed to gain access to my hard drive. What do you think?
>
Sorry to disappoint you Siran, but once a hacker have your hard drive he can run your programs from a disassembly debugger and easyly trace the place where your program goes to the harddrive to get the internal password, then see the value that is being compared as the reference. He will actually know your password after the first try.

Yair

---

Yair

> >
> > I have written programs, for personal use, that I incorporated encrypted
> > password capability. If I write a stand-alone password utility with
> encrypted
> > password buried deep within the guts of the files on my hard drive, have
> it
> > pop up when the Windoze password is entered properly, then have it
> re-boot the
> > PC upon the third wrongly entered password, I believe that someone would
> be
> > hard pressed to gain access to my hard drive. What do you think?
> >
> Sorry to disappoint you Siran, but once a hacker have your hard drive he can
> run your programs from a disassembly debugger and easyly trace the place where
> your program goes to the harddrive to get the internal password, then see the
> value that is being compared as the reference. He will actually know your
> password after the first try.
>
> Yair
>

They would have to have absolutely nothing else better to do. The window that pops up would not display the name of the utility and I would not put any feature for getting any information about the utility. All the utility would do is ask for the password and then compare what was typed. I could give the utility some really off-the-wall name like "foo" and without knowing that, they would not know what to look for. If I can figure out how to write an encrypted password utility, which I have, I can figure out how to make the utility completely block any access, no other programs could be started. I've gotta go, I just noticed something weird happening....

Timestamp: Tuesday, 21 December 2004 - 06:44 PM --800 (Pacific Standard Time)

L8R....

---

---

CAPT Siran d'Vel'nahr - L L & P _\\//
Winders 11 OS? "What a piece of junk!" - L. Skywalker
"Logic is the cement of our civilization with which we ascend from chaos using reason as our guide." - T'Plana-hath