检索禁用浏览器的密码提示_保存和检索浏览器（和其他）密码

检索禁用浏览器的密码提示

The security balance is always user convenience vs. absolute security. You want security? Disconnect your computer from the internet. Don't save your passwords. Use multi-factor authentication. But that's not reasonable.

安全性平衡始终是用户便利性与绝对安全性之间的平衡。 您想要安全吗？ 断开计算机与互联网的连接。 不要保存您的密码。 使用多因素身份验证。 但这是不合理的。

• Browsers let you save the contents of Forms that you fill out, including passwords.
  浏览器使您可以保存填写的表单内容，包括密码。
• Some browsers sync those settings/histories/passwords to other computers with that browser running, if you are signed into a service with a master password.
  如果您使用主密码登录到服务，则某些浏览器会将这些设置/历史记录/密码与运行该浏览器的其他计算机同步。
• Those passwords need to be stored somewhere locally, and they need to be retrieved by the browser (who is not running as administrator) so that the browser can fill out your form for you.
  这些密码需要存储在本地某个地方，并且需要由浏览器(未以管理员身份运行)取回，以便浏览器可以为您填写表格。
• Someone writes code to retrieve those passwords.
  有人编写代码来检索那些密码。
• If you, running as you, the user, can access those passwords, than other code running as you, the user, can also access them.
  如果您以用户身份运行，则可以访问这些密码，而不是以用户身份运行的其他代码也可以访问它们。

If you don't like this, don't save your passwords.

如果您不喜欢这样，请不要保存密码。

I think the concern (I know I was concerned) about the recent hubbub about browser security is the feeling of casual disclosure. It is uncomfortable when it seems easy to get your passwords. But they are still there.

我认为，最近对浏览器安全的喧hub是我随便披露的感觉(我知道我对此很担心) 。 似乎很容易获得密码时，这很不舒服。 但是他们仍然在那里。

Remember the 10 Immutable Laws of Security, specifically #3.

请记住安全性的十大法则，特别是第3条。

Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

法则＃3：如果一个坏人可以不受限制地对您的计算机进行物理访问，则不再是您的计算机。

Every password vault has this behavior. If your passwords are stored locally, they may be encrypted but they are stored with reversal encryption.

每个密码库都有此行为。 如果您的密码存储在本地，则可能会对其进行加密，但是会使用反向加密进行存储。

Is this a security problem/bug/flaw? No. You saved your passwords as the user and they can be retrieved by code running as the user.

这是安全问题/错误/缺陷吗？ 否。您已将密码保存为用户，并且可以通过以用户身份运行的代码来检索密码。

Here's some just a few lines of code to retrieve and dump your Windows Password Vault on Windows 8.

以下是几行代码，可用于在Windows 8上检索和转储Windows Password Vault。

using System;

namespace DumpCredentials {
    class Program {
        static void DumpCredentials(Windows.Security.Credentials.PasswordCredential cred) {
            Console.WriteLine("Resource: {0}", cred.Resource);
            Console.WriteLine("UserName: {0}", cred.UserName);
            Console.WriteLine("Password: {0}", cred.Password);
        }
        static void Main(string[] args) {
            Windows.Security.Credentials.PasswordVault vault = new Windows.Security.Credentials.PasswordVault();
            Console.WriteLine("{0}", vault.GetType());
            foreach (var cred in vault.RetrieveAll()) {
                cred.RetrievePassword();
                DumpCredentials(cred);
            }

        }
    }
}

Feel free to change your browser settings if you like to not save your passwords, or consider other password vaults like LastPass, KeePass, or 1Password.

如果您不想保存密码，或者考虑使用其他密码库(例如LastPass，KeePass或1Password)，可以随时更改浏览器设置。

Chrome (Chrome)

...and also...

...并且...

IE浏览器 (Internet Explorer)

火狐(FireFox)

The code to dump Windows 8 Paswords is here. It will compile with VS2012 on Win 8. If you just want the EXE to run, download it here.

转储Windows 8 Paswords的代码在这里。 它将在Win 8上与VS2012一起编译。如果您只想运行EXE，请在此处下载。

翻译自: https://www.hanselman.com/blog/saving-and-retrieving-browser-and-other-passwords

检索禁用浏览器的密码提示