How easy is it to recover a password stored in an application?

Solution 1:

It's fairly easy - any reasonably competent computer user could probably do it.

Of course, that is only a security risk if you assume that someone can read the files on your hard drive. And if it's a virus/trojan doing this, it could already be logging your keystrokes anyway. So I'd say, if you enter passwords on a computer, it's generally ok to store them as well, unless it's a shared system without user-level security.

BTW, many apps allow encrypting the password store (Firefox e.g. does). That should be secure (unless a keylogger is installed, see above).

Solution 2:

Here are some of the ways to retrieve password data in some of the most used web browsers:

I'm running Firefox 34.0.5. On this browser, to view your stored passwords, just go to Menu button -> Options -> Security -> Saved Passwords... -> Show Passwords. I'm also running Chrome 39.0.2171.71 m. On this browser, type chrome://settings/passwords in the URL, click on any sequence of stars appearing as a password, click Show, and enter your Windows password to display the password. For Internet Explorer, go to Settings -> Internet Options -> Content -> Autocomplete -> Settings -> Manage Passwords (this button is, however, missing on my desktop version of Internet Explorer 11.0.9600.17358CO), which brings you to Control Panel -> All Control Panel Items -> Credential Manager -> Web Credentials -> Web Passwords -> entry -> Password: ****** Show. On Opera one can access password information by clicking on Application Menu -> Settings -> Privacy & security -> Passwords -> Manage saved passwords -> click on any sequence of stars appearing as a password, click Show, and enter your Windows password to display the password.

Interestingly enough, after installing Firefox and Chrome and storing web passwords with both browsers, I installed Opera. The Opera browser was able to import all web password credentials from Firefox but not from Chrome.