Why you shouldn’t let the browser remember your passwords
Most modern browsers ask whether you want to save your password after a successful authentication, but should you really do that?
Saving your passwords in any form should never be considered secure, but did you know how easy it really is to reveal passwords saved in the browser? Once the browser auto-populates the username and password fields, it’s really easy to unmask the password again. This works in any browser, but for convenience, I’ll use Google Chrome.
First, open Google Chrome and go to your favorite website where you have saved your credentials. If the fields aren’t automatically populated, you can click the “key” icon in the upper right corner of the address bar (depending on browser) to get a list of saved credentials for the current website.
From here, press the F12 key on your keyboard and Google Chrome’s Developer Tools should appear. Different browsers have their own developer tools or may require a plugin to be installed. Next, click on the little square with the arrow inside (or press CTRL+SHIFT+C) and select the password field. This should show you exactly which line of HTML is responsible for the password field. Since the text and password fields are identical apart from the attribute type="password", you can now simply double-click on type="password" and change the value to type="text".
Behold! You’ll now see your password in plain text… 🙂
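Seen from the website's side, the same attribute edit can be detected and the field emptied when it happens. The following is an added example, not code from the original post; `isUnmaskAttempt` and `guardPasswordField` are hypothetical names, and the guard only deters casual unmasking on an unlocked machine, not someone with full control of the browser.

```javascript
// Added example: wipe a password field when its type attribute is changed
// away from "password", which is what the Developer Tools edit above does.

// Pure decision function, kept separate so it can be tested without a browser.
function isUnmaskAttempt(attributeName, oldValue, newValue) {
  if (attributeName !== 'type') return false;
  const was = (oldValue || '').toLowerCase();
  // A removed or empty type attribute makes the input behave as type="text".
  const now = (newValue || 'text').toLowerCase();
  return was === 'password' && now !== 'password';
}

// Attach the guard to one password <input>. `Observer` defaults to the
// browser's MutationObserver; it is a parameter only so a stub can be passed.
function guardPasswordField(input, Observer = globalThis.MutationObserver) {
  const observer = new Observer((records) => {
    for (const r of records) {
      if (isUnmaskAttempt(r.attributeName, r.oldValue, input.getAttribute('type'))) {
        input.value = '';                       // drop the autofilled secret
        input.setAttribute('type', 'password'); // restore masking
      }
    }
  });
  observer.observe(input, {
    attributes: true,
    attributeFilter: ['type'], // only report changes to the type attribute
    attributeOldValue: true,   // needed to know the field was a password field
  });
  return observer;
}

// In a page: guard every password field present at load (assumed wiring).
if (typeof document !== 'undefined') {
  document.querySelectorAll('input[type="password"]')
    .forEach((el) => guardPasswordField(el));
}
```

A site that offers its own "show password" toggle would have to disconnect the observer while toggling, otherwise the guard empties the field.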
One comment, add yours.
Marc
That's SCARY!!!!! – thanks for this insight