Where are memorised entries for online forms stored?

[David Anderson]

I am getting increasingly concerned that sensitive
information is memorised somewhere on my PC and I can't
edit or erase it because I've no idea where it is stored.

As a frequent online purchaser, my problem is that as soon
as I start to fill in a field on an online form I often
find myself being prompted to enter text or numbers that I
have used in the past (not necessarily with the same
organisation) that start with the same character.
This 'autocomplete' facility is fine when limited to name
and address fields, but an obvious security risk when it
is a credit card number field.

Password fields are normally free of any such prompting,
but on at least one occasion I found myself accidentally
entering a password immediately after a username - without
tabbing to the password field. The secret store of
previously used usernames then includes a version that
shows the password in clear text!

Obviously, I don't want any other user of my PC to have
access to passwords and credit card details, so I went
searching for files containing any of the relevant text or
number strings. I found one or two similar entries in the
Win2K registry but they were all fairly innocuous examples
of usernames, not the ones I was really looking for.

Originally, I assumed that these text strings were stored
in cookies, but my cookie.txt files are unintelligible
when viewed with Notepad and don't contain the relevant
strings in clear text. Perhaps they are coded in some way?

I would appreciate some help in locating all the possible
sources of such field entry prompting text!

 

[Wouter]

I am getting increasingly concerned that sensitive
information is memorised somewhere on my PC and I can't
edit or erase it because I've no idea where it is stored.

As a frequent online purchaser, my problem is that as soon
as I start to fill in a field on an online form I often
find myself being prompted to enter text or numbers that I
have used in the past (not necessarily with the same
organisation) that start with the same character.
This 'autocomplete' facility is fine when limited to name
and address fields, but an obvious security risk when it
is a credit card number field.

Password fields are normally free of any such prompting,
but on at least one occasion I found myself accidentally
entering a password immediately after a username - without
tabbing to the password field. The secret store of
previously used usernames then includes a version that
shows the password in clear text!

Obviously, I don't want any other user of my PC to have
access to passwords and credit card details, so I went
searching for files containing any of the relevant text or
number strings. I found one or two similar entries in the
Win2K registry but they were all fairly innocuous examples
of usernames, not the ones I was really looking for.

Originally, I assumed that these text strings were stored
in cookies, but my cookie.txt files are unintelligible
when viewed with Notepad and don't contain the relevant
strings in clear text. Perhaps they are coded in some way?

I would appreciate some help in locating all the possible
sources of such field entry prompting text!

Open your Internet Explorer.
Go to: Tools>Internet Options...
Open the Content Tab.
There is a "AutoComplete..." button that gives you several
options.

 

[David Anderson]

Thanks for the info. I've never seen that particular IE
tools option before! However, I'm still puzzled. Where are
these autocomplete entries stored and why can't I find
them with a text string search?

 

[Gary Smith]

Thanks for the info. I've never seen that particular IE
tools option before! However, I'm still puzzled. Where are
these autocomplete entries stored and why can't I find
them with a text string search?

They're stored in the registry, but they're encrypted, so you won't be
able to find them by searching or recognize them if you do happen to
locate them.