Differences
This shows you the differences between the selected revisions of the page.
| faq_password 2011-08-16 | faq_password 2022-09-20 (current) | ||
| Line 1: | Line 1: | ||
| ====== Can I recover password stored in WinSCP session? ====== | ====== Can I recover password stored in WinSCP session? ====== | ||
| - | Yes you can. That's why you should NOT [[session_configuration#password|store your password]] to WinSCP session. Read more about [[security_credentials|security of stored credentials]]. | + | Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. |
| - | There are lots of tools allowing recovery of your password. E.g. search the Internet for "FTP password recovery". | + | One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password: |
| - | Remember, once you recover your password, change it to a new one, and do NOT store it again! | + | <code> |
| + | . 2019-08-13 07:41:11.313 --------------------------------------------------------------------- | ||
| + | . 2019-08-13 07:41:11.313 WinSCP Version 5.15.3 (Build 9730) (OS 10.0.18362 - Windows 10 Enterprise) | ||
| + | . 2019-08-13 07:41:11.313 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ | ||
| + | . 2019-08-13 07:41:11.313 Log level: Normal, Logging passwords | ||
| + | ... | ||
| + | . 2019-08-13 07:41:11.313 --------------------------------------------------------------------- | ||
| + | . 2019-08-13 07:41:11.313 Session name: My server (Site) | ||
| + | . 2019-08-13 07:41:11.313 Host name: example.com (Port: 22) | ||
| + | . 2019-08-13 07:41:11.313 User name: martin (Password: mypassword, Key file: No) | ||
| + | </code> | ||
| + | |||
| + | You can also abuse a [[ui_generateurl|Generate Session URL/Code]] function to retrieve the saved password. Note that special symbols in the password may get escaped. You are most likely to see the password intact in the [[ui_generateurl#code|.NET assembly code]], where only double-quotes are escaped (in all supported languages). | ||
| + | |||
| + | **Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! | ||
| + | |||
| + | If you want to continue storing your password, protect it by [[master_password|master password]]. | ||