Differences
This shows you the differences between the selected revisions of the page.
| 2012-07-11 | 2015-07-02 | ||
| Once more (Petr) | one can now recover password using password logging or generate url (martin) | ||
| Line 2: | Line 2: | ||
| Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. | Yes you can. And in fact anybody with access to your computer can do it too. That's why you should **NEVER** [[security_credentials#storing_password|store your password]] to WinSCP session without using [[master_password|master password]]. Read more about [[security_credentials|security of stored credentials]]. | ||
| - | There are lots of tools allowing recovery of your password. E.g. search the Internet for "FTP password recovery". | + | One way is to recover your password is enabling a password logging in preferences. See //[[ui_pref_logging|Log passwords and other sensitive information]]// preference option. Then inspect the session log file to find the stored password. |
| + | |||
| + | <code> | ||
| + | . 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- | ||
| + | . 2015-07-02 18:44:56.823 WinSCP Version 5.7.4 (Build 5553) (OS 6.3.9600 - Windows 8.1) | ||
| + | . 2015-07-02 18:44:56.823 Configuration: HKCU\Software\Martin Prikryl\WinSCP 2\ | ||
| + | . 2015-07-02 18:44:56.823 Log level: Debug 1, Logging passwords | ||
| + | ... | ||
| + | . 2015-07-02 18:44:56.823 -------------------------------------------------------------------------- | ||
| + | . 2015-07-02 18:44:56.823 Session name: My server (Site) | ||
| + | . 2015-07-02 18:44:56.824 Host name: example.com (Port: 22) | ||
| + | . 2015-07-02 18:44:56.824 User name: martin (Password: mypassword, Key file: No) | ||
| + | </code> | ||
| + | |||
| + | You can also abuse a [[ui_generateurl|Generate URL function]] to retrieve the saved password. Note that special symbols in the password may get URL-encoded, see a [[session_url#special|decryption key]]. | ||
| **Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! | **Remember**, once you recover your password, change it to a new one, and **DO NOT** store it again! | ||
| If you want to continue storing your password, protect it by [[master_password|master password]]. | If you want to continue storing your password, protect it by [[master_password|master password]]. | ||