In the last three articles in my series on stored passwords, I mainly discussed Windows-related passwords. Today, I will focus on saved Internet Explorer passwords.

Profile gravatar of Michael Pietroforte

Michael Pietroforte

Michael Pietroforte is the founder and editor of 4sysops. He is a Microsoft Most Valuable Professional (MVP) with more than 30 years of experience in IT management and system administration.
Profile gravatar of Michael Pietroforte

The two types of saved Internet Explorer passwords ^

I already mentioned in my post about the Windows Vault that some saved Internet Explorer passwords can be managed with the Credential Manager. These are HTTP authentication passwords, that is, passwords that are used to authenticate against a Web server (Internet Information Server, Apache, etc.). Passwords that are used to log on to a Web site with an HTML form (through a content management system) are not stored in the Windows Vault.

You can make out the difference between these two authentication forms easily. HTTP authentication always prompts a separate dialog window in Internet Explorer where you have to enter the credentials. HTML authentication is usually integrated within the Web page. This also makes clear why these passwords are not stored in the Window Vault.

Internet Explorer uses its auto-complete feature to manage passwords that you have to enter in HTML forms. The advantage is that you can use different accounts for a specific Web site. You just have to start typing the user name, and Internet Explorer will fill out the form fields for the user name and the password automatically.

Manually disable Internet Explorer saved passwords ^

As mentioned in my last posts, storing passwords always poses a risk, especially if you use functions integrated in Windows. If your organization values security above all, then you should consider disabling Internet Explorer saved passwords.

Internet Explorer Internet Options AutoComplete

Users can turn off this feature themselves if they don't want to be bothered by the AutoComplete feature. In Internet Explorer 8, you will find the AutoComplete settings in the Content Tab under Tools | Internet Options.

Internet Explorer AutoComplete Settings

Disable Internet Explored saved passwords with Group Policy ^

If you don't trust your users in these matters, you might want to disable Internet Explorer saved passwords network-wide with Group Policy. The name of the GPO settings is "Turn on the auto-complete feature for user names and passwords on forms." You can find it under User Configuration | Administrative Templates | Windows Components | Internet Explorer. You have to disable this setting if you want to disallow Internet Explorer saved passwords.

If you just don't want new passwords to be saved and allow users to be able to still use old credentials, you can enable this GPO setting and leave the "Prompt me to save passwords" option unchecked.

Group Policy Internet Explorer Disable Saved Passwords

Notice that you can't pre-configure these settings with the Group Policy Preferences because the Content tab is missing here. These security relevant settings should be enforced with policies.

Delete saved Internet Explorer passwords ^

Notice that disabling saved Internet Explorer passwords won't delete the passwords. If you change the GPO setting to "not configured" again, then users will be able to use their old stored passwords. Users can delete saved Internet Explorer passwords at the General tab in Internet Options by deleting the corresponding Browsing History.

Saved Internet Explorer passwords storage location ^

If you don't want to rely on your users, then you can delete all saved Internet Explorer passwords with a script. Windows stores the Internet Explorer password in the Registry under HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms.

Recover saved Internet Explorer passwords ^

Of course, the Internet Explorer passwords are encrypted in the Registry. However, it is not a big deal to recover these passwords with third-party tools. This can be useful if a user forgot the password and can't log on after you disabled Internet Explorer saved passwords. A good free tool to recover saved Internet Explorer passwords is IE Passview. Of course, you can't recover the passwords with this tool if you already deleted the stored passwords in the Registry.

Win the monthly 4sysops member prize for IT pros

Share
1+

5 Comments
  1. avatar
    Jeff 6 years ago

    I have been trying to figure out a saved password issue in internet explorer for several months now, and this post finally solved my issue. THANK YOU!!!

    0

  2. avatar
    Donny_G 4 years ago

    IE Passview also works on IE 11. Awesome info Michael - will bookmark this!

    0

  3. Profile gravatar of Michael Pietroforte
    Michael Pietroforte 4 years ago

    Thanks 🙂

    0

  4. avatar
    Aaron D 3 years ago

    Needed to disable password saving on some common area computers. Your screenshot saved me tons of time hunting down the setting. Thanks!

    0

  5. avatar
    Brandon L 3 years ago

    I have been tryin to recover a password for a client she uses I.E 8 i have never been this stumped after doing this for 20 years but when she goes to hotmail.com it instantly logs her in an loads email without showing the login page.

    She has degrading health from hep c sue to a hospital error and cant remember her recovery information this windows vista laptop of hers is a junk pile.

    By chance is there a way to find this password with a cookie viewer/decrypter?

    She is paying me good money and I feel like a crook and I am not charging her for more than 2 days of service due to me not being able to find this password for her so we can set up her windows 7 laptop to get the email so she can junk this vista thing.

    I did the IE passview and of course what happened her brother worked on the laptop and cleaned the registry so I have no other way than asking for help.

    Anything helps and in advanced thank you for this article and for your time.

    Brandon Liles

    0

Leave a reply

Your email address will not be published. Required fields are marked *

*

CONTACT US

Please ask IT administration questions in the forum. Any other messages are welcome.

Sending
© 4sysops 2006 - 2017

Log in with your credentials

or    

Forgot your details?

Create Account