IE irritation

Using Win 7 and IE 11.

I used "Save Password" on my local ethernet webcam and now I've changed
the password on the camera but I cannot seem to get IE to forget the
original oassword and remember the new one. Using Internet Options -
Delete - Passowords doesn't seem to do it nor can I find the original
password in the registry (not that I expected to find it plaintext).

So how to I get IE to update the password from old to new for a site it
seems to remember even though History is also supposed to be deleted?

pjp wrote:

Using Win 7 and IE 11.

I used "Save Password" on my local ethernet webcam and now I've changed
the password on the camera but I cannot seem to get IE to forget the
original oassword and remember the new one. Using Internet Options -
Delete - Passowords doesn't seem to do it nor can I find the original
password in the registry (not that I expected to find it plaintext).

So how to I get IE to update the password from old to new for a site it
seems to remember even though History is also supposed to be deleted?

I don't know if the utility described at the
end of this article will help or not. The
page does describe how storage of passwords
has changed over the years.

http://www.nirsoft.net/utils/interne..._password.html

Paul

pjp wrote on 2015/12/26:

Using Win 7 and IE 11.

I used "Save Password" on my local ethernet webcam and now I've changed
the password on the camera but I cannot seem to get IE to forget the
original oassword and remember the new one. Using Internet Options -
Delete - Passowords doesn't seem to do it nor can I find the original
password in the registry (not that I expected to find it plaintext).

So how to I get IE to update the password from old to new for a site it
seems to remember even though History is also supposed to be deleted?

Probably because the password saved is for a host and not a web site.
When the separate dialog appears asking to save your password, that is
for the cached networked hosts passwords. Your webcam looks like a
networked device hence a host on your network. IE caches web site
passwords. For host passwords:

- In the Start menu searchbox, enter "network password".
- Select "Manage network passwords" in the search results.

You'll see the host cached passwords in the Windows Vault. I just did
this and did not realize my old Xmarks account was still listed, so I
removed that cached host password.

In article , says...
Manage network passwords


Thank you, that did it. Such an obscure means of accomplishing something
geez!!!

In article ,
says...

In article , says...
Manage network passwords


Thank you, that did it. Such an obscure means of accomplishing something
geez!!!

Argh!!! Thought IE somehow seemed to remember the old password because
of the number of hidden chars it showed. Older versions just showed
number that you used, IE 11 hides that showing more and for a few times
I didn't realize it LOL

pjp wrote on 2015/12/27:

Argh!!! Thought IE somehow seemed to remember the old password because
of the number of hidden chars it showed. Older versions just showed
number that you used, IE 11 hides that showing more and for a few times
I didn't realize it LOL

Many password input objects will not show asterisks (or whatever masking
character) in the same count as the characters entered. That's to deter
someone looking over your shoulder (aka shoulder surfing) and counting
characters to help them crack your password. Of course, if they're
looking over your shoulder, you had better be a fast typist and have
them not notice if and when you hit the shift key (password fields are
prevalently case sensitive, and you should include a mix of lower and
uppercase in your password). It also helps to prevent some malware from
knowing the length of your password.

There really should be no faithful correlation between the number of
characters you enter and the number of masking characters displayed on
the screen. It's been a long-time security measure but not employed by
all programs. For example, if I saw you 8 mask characters as you enter
your password, I might try to crack it; however, if I saw 19 masking
characters, I might not bother trying to brute force crack the longer
password. The idea is to NOT provide any details about your password,
like the use of non-alphanumerc characters, which ones are lower or
upper case, and including the length of the password. For a program
that does input masking, it should not add N characters for every 1
character entered. It should alter at random how many mask characters
are entered for each character actually entered. Sometimes 1 mask
character, sometimes 2, sometimes 3, and so on.

Having the number of mask characters displayed equal the number of
actual characters entered would assist the user entering their password.
They might see that they entered 9 characters instead of the 8 for their
password. Ease of use and security are the antithesis of each other.
Most users just enter their password blindly (not looking at the screen
but watching their fingers on the keyboard or can type without looking).
I don't recall ever watching the input field for a password and counting
the mask characters one by one to make sure they matched me entering the
actual characters on the keyboard. One, that means I would have to be a
hunt-and-peck or 2-finger typist: very slow. Two, anyone shoulder
surfing wouldn't be counting the mask characters but could instead
easily watch what characters I typed one finger at a time very slowly.
Telling everyone to turn around as you type in a password isn't always
doable. What if they don't turn around? Are you going to wait? What
if you are doing a presentation on a big screen and have to login in
front of a whole class? Are you going to have them all stand up to turn
around? No, but do you want them to know how long is your password?

Think about opening a dial combination safe where there may be others
watching (obviously or hidden, like a camera). If you spin the dial 3
times (3 times in different directions) then the observer knows there
are only 3 digits in your combination. If every multiple of 12 was a
null entry (it does nothing to open the safe), you could add more spins
bouncing between 12, 24, 36, 48 in different directions to confuse any
shoulder surfers. They might think there are 8, or more, spins to your
combo and decide to do something other than try to crack the safe than
waste time with an 8-spin combination.