Password Secrets of Popular Windows Applications

HOME TOOLS ARTICLES RESEARCH DOWNLOAD BLOG ABOUT CONTACT

Latest Tool

ProcNetMonitor 2.7

Updated: 2 Sep 2010

Tool of the Month

DllHijackAuditor 1.0

Book of the Month

Recommended book for any one who would like to know in & out of the Cyber crooks, their operations and the framework in which they operate to make millions behind the lines. Book of the month list.

Latest Stuff

Updated ProcNetMonitor 2.7

Released DllHijackAuditor, new tool to audit against Dll Hijack Vulnerability

Released SpyBHORemover 2.5

Updated SXPasswordSuite 1.0

ThunderbirdPassDecryptor, new tool to recover Thunderbird Passwords is released.

Top Tools

GooglePasswordDecryptor

FirePasswordViewer

SpyDLLRemover

ChromePasswordDecryptor

NetworkPasswordDecryptor

SpyBHORemover

FirePassword

IEPasswordDecryptor

ProcNetMonitor

SXPasswordSuite

...more statistics

Contents

Introduction
Password Secrets of Windows Applications
Password Recovery Tools

Introduction

In today's Internet driven world, all of us use one or other applications starting from browsers, mail clients to instant messengers. Most of these applications store the sensitive information such as user name, password in their private location using proprietary methods. This prevents hassle of entering the credentials every time during the authentication.

However it is important to know that this secret information if landed in other person's hands either accidentally or by destiny then it can easily put your privacy at risk. Some applications take utmost care to secure these sensitive information from prying eyes. But most applications use simple methods or rather obscure methods to store the credentials which can easily put your privacy in jeopardy as any spyware on your system can easily uncover these secrets. Also it is equally true with any one who has access to your system.

Password Secrets

In this context, this article is going to throw a light on those dark regions by exposing the secret storage location and encryption mechanism used by most popular applications. It is also going to present the pointers on how one can uncover such passwords using the tools available today. The last section is going to list top password tools which can be used to automatically recover passwords stored by these applications.

Password Secrets of Windows Applications

Here is the list of popular applications falling into various categories such as Internet browsers, Email clients, Instant Messengers etc whose password secrets are exposed below.

Internet Browsers

Firefox

Firefox with version 3.5 and earlier stores the sign-on passwords in the 'signons.txt' file located in its profile directory. With version 3.5 onwards Firefox started storing the sign-on passwords in Sqlite database file named 'signons.sqlite'. The passwords stored in this sign-on file are encrypted using 3DES followed by BASE 64 encoding mechanism.

Here is the default location of Firefox profile directory,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Mozilla\Firefox\Profiles\<random_name>.default

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Mozilla\Firefox\Profiles\<random_name>.default

To know how and what information is stored in this encrypted sign-on file, refer to this article page. You can instantly recover all these sign-on passwords using tools such as FirePassword (command line) or FirePasswordViewer (GUI).

Firefox provides additional protection option called 'master password' to prevent malicious users from discovering these sign-on passwords. Master password as such is not stored any where directly but it's one way hash and other relevant information is stored in the key3.db file within the profile directory. For more details about it, refer to Firemaster article page.

In case you have lost your master password, then you can recover it using FireMaster tool.

Related Tools: FirePassword, FirePasswordViewer, FireMaster

Internet Explorer

Internet Explorer stores two types of passwords, sign-on and HTTP basic authentication (generally proxy, router configuration) passwords. IE below version 7 stores both sign-on and HTTP basic authentication passwords in the secure location known as 'Protected Storage' in the following registry location,

HKEY_CURRENT_USER\Software\Microsoft\Protected Storage System Provider

With version 7 onwards IE uses the new mechanism to store the sign-on passwords. The encrypted password for each website are stored along with hash of the website URL in the following registry location.

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\IntelliForms\Storage2

Also IE 7 onwards, HTTP basic authentication passwords are stored in the 'Credentials store' at following location based on the operating system.

[Windows XP]
C:\Documents and Settings\[username]\Application Data\Microsoft\Credentials

[Windows Vista and Windows 7]
C:\Users\[username]\AppData\Roaming\Microsoft\Credentials

For complete details on how IE stores these passwords and how to recover them refer to main article page, 'Exposing the Secrets of Internet Explorer'.

You can instantly recover stored passwords for all versions of IE using the tool, IEPasswordDecryptor.

Related Tools: IEPasswordDecryptor, NetworkPasswordDecryptor

Google Chrome

Google Chrome stores all sign-on passwords in the sqlite database file called 'Web Data' within the profile directory. Here is the default location of Chrome profile directory.

[Windows XP]
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Google\Chrome\User Data\Default

[Windows Vista & Windows 7]
C:\Users\<user_name>\Appdata\Local\Google\Chrome\User Data\Default

Each stored sign-on entry mainly contains website URL, username field id, username, password field id and encrypted password. For complete information on how password is encrypted and other related details, refer to following research article page, 'Exposing the Password Secrets of Google Chrome'

You can use ChromePasswordDecryptor to automatically recover all the stored sign-on passwords by Chrome.

Related Tools: ChromePasswordDecryptor, GooglePasswordDecryptor

Opera

Opera stores the login passwords in an encrypted format in the 'Magic Wand File' called 'Wand.dat' within its profile directory. This profile path is different for different versions of Opera as shown below.

For Opera Version 10 and above
[Windows NT/2K/2k3/XP]
C:\Documents and Settings\<username>\Application Data\Opera\Opera\wand.dat

[Windows Vista/Windows 7]
C:\users\<username>\AppData\Roaming\Opera\Opera\wand.dat

For Opera Version less than 10
[Windows NT/2K/2k3/XP]
C:\Documents and Settings\<username>\Application Data\Opera\Opera\profile\wand.dat

[Windows Vista/Windows 7]
C:\users\<username>\AppData\Roaming\Opera\Opera\profile\wand.dat

Wand file mainly contains website URL, username and password information which are encrypted using Triple-DES algorithm. For more details on how these secrets are encrypted and how to successfully decrypt them, refer to main research article 'Exposing the Secret of Decrypting Opera's Magic Wand'

You can use OperaPasswordDecryptor to instantly recover stored passwords from Opera's magic Wand file.

Related Tools: OperaPasswordDecryptor

Email Clients

ThunderBird

ThunderBird stores all remembered email settings along with password into the SQLite database file 'signons.sqlite' in its profile location. The default profile location for different platforms is as follows,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Thunderbird\Profiles\<random_name>.default

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Thunderbird\Profiles\<random_name>.default

You can use ThunderbirdPassDecryptor to recover all stored mail account passwords by Thunderbird.

Related Tools: ThunderbirdPassDecryptor, FirePasswordViewer

Microsoft Outlook

Newer version of Outlook starting from 2002 to latest version 2010, store the passwords (other than exchange server) for various email account such as POP3, IMAP, SMTP, HTTP at following registry location.

[Windows NT onwards]
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

[Prior to Windows NT]
HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles

Newer versions of Outlook from 2002-2010 stores the Exchange server passwords in 'Credential Store' as it provides better protection over other methods. You can use OutlookPasswordDecryptor or NetworkPasswordDecryptor to recover such passwords.

Older versions of Outlook (Outlook Express, 98, 2000 etc) stores the Email configuration information along with encrypted password at following registry location,

[For Outlook installed in Internet Mail Only Mode Configuration]
HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts

[For Outlook in normal mode]
HKCU\Software\Microsoft\Internet Account Manager\Accounts

For detailed information on how each verion of Outlook stores the passwords for different type of email accounts and how to recover them, read the following research article, 'Exposing the Secret of Decrypting Outlook Passwords'

You can use OutlookPasswordDecryptor to decrypt passwords for all versions of Outlook from 98 to 2010.

Related Tools: OutlookPasswordDecryptor, NetworkPasswordDecryptor

Gmail Notifier

Gmail Notifier uses different mechanism to store the Google account password based on IE versions. For IE version 7 onwards, Gmail Notifier stores the password in the 'Windows Credential Store'. This password can be decrypted using CredEnumerate API function. For complete code sample to enumerate and decrypt Google account password from Credential store, read on to this article, 'Exposing Google Password Secrets'.

You can use GooglePasswordDecryptor or NetworkPasswordDecryptor tool to instantly recover all Google account password stored by Gmail Notifier.

Related Tools: GooglePasswordDecryptor, NetworkPasswordDecryptor

Instant Messengers

Google Talk (GTalk)

Google Talk (GTalk) stores all remembered gmail account information at following registry location.

HKEY_CURRENT_USER\Software\Google\Google Talk\Accounts

For each Google account separate registry key is created with the account email id as name under this key. Account password is encrypted and stored in the registry string value named 'pw' within this account registry key.

For more information on what mechanism GTalk uses to encrypt the password and how to decrypt it refer to following research article, 'Exposing Google Password Secrets'

You can use GooglePasswordDecryptor or IMPasswordDecryptor to instantly recover all stored Google account passwords by Gtalk.

Related Tools: GooglePasswordDecryptor, IMPasswordDecryptor

Windows Live Messenger

Windows Live Messenger stores the account password at 'Credential Store' which provides different mechanisms such as 'Generic', 'Domain Network', 'Domain Visible Network' etc which applications can use to store and retrieve their private credentials. Each such method requires different technique and privilege level to enumerate and decrypt the passwords.

Windows Live Messenger uses 'Generic Password' mechanism of 'Credential Store' to store the passwords under the target name 'WindowsLive:name=<email_id>'. To know more about how 'Credential Store' works and how to recover stored passwords from it, read on to this research article, 'Exposing the Secret of Decrypting Network Passwords'

You can use IMPasswordDecryptor or NetworkPasswordDecryptor to instantly recover all such passwords stored by Live Messenger.

Related Tools: IMPasswordDecryptor, NetworkPasswordDecryptor

MSN Messneger

MSN Messenger also uses 'Credential Store' to securely store the remembered passwords. These passwords are stored as type 'Domain Visible Network' aka '.Net Passport' using the target name as '.Net passport' within the 'Credential Store'.

For more details on how these type of passwords can be recovered using 'Credential Store' read on to following research article, 'Exposing the Secret of Decrypting Network Passwords'

You can recover all MSN messenger stored passwords using IMPasswordDecryptor

Related Tools: IMPasswordDecryptor, NetworkPasswordDecryptor

Yahoo Messenger

Yahoo Messenger prior to version 7.5 used to store the password in the registry value 'EOptions String' at following registry location,

HKEY_CURRENT_USER\Software\Yahoo\Pager

This encrypted password can be decrypted using ycrwin32.dll (can be found in installed location of Yahoo Messenger). This DLL has 2 functions, init() and decrypt() which can be used in sequence to decrypt this password.

For version 7.5 onwards, Yahoo stores one way hash of the password in the registry value 'ETS' at the above registry location. This hash itself is used to authenticate during login. Though you cannot recover the password, you can copy this value to another machine and continue to login to Yahoo Messenger.

Skype

Skype does not store password directly. Instead it stores the encrypted hash of the password in the 'config.xml' located in Skype's user profile directory. Typical user profile directory for Skype will be as follows,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Skype\<account_name>

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Skype\<account_name>

This config.xml contains <Credentials2> tag which contains encrypted hash of the password. As per the research paper 'Vanilla Skype' written by Fabrice Desclaux and Kostya Kortchinsky, Skype uses the MD5 hash of string "username\nskyper\npassword" for authentication. If user has set the 'Remember password' option then this MD5 hash is encrypted using AES-256 & SHA-1 algorithms and finally saved into the 'Config.xml' file.

Since the HASH of the password is saved, it is not possible to directly get the password. Instead one has to use dictionary or brute force approach to find out the right password from the hash. This approach may take days or months together based on the length & complexity of the password.

You can use 'SkypePassword' from Lastbit to recover stored Skype password.

Related Tools: SkypePassword by Lastbit

AIM (AOL Instant Messenger)

AIM version 6 onwards stores the password at the following registry location,

HKEY_CURRENT_USER\Software\America Online\AIM6\Passwords

AIM PRO version uses the different registry location to store the passwords,

HKEY_CURRENT_USER\Software\AIM\AIMPRO\<Account_Name>

AIM uses the Blowfish algorithm to encrypt the password and then encodes it using BASE 64 method. The resulting password is saved at above registry location.

You can use Mspass tool from Nirsoft to recover all AIM passwords.

Related Tools: Mspass by Nirsoft

Trillion

Trillion Astra stores all IM account passwords (Yahoo, Gmail, AIM etc) in the 'accounts.ini' file at following location,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Trillian\users\global\

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\Trillian\users\global\

For each account it contains section named '[Account<number>]" under which all information for that account is stored. Username is stored in the field named 'Account=' and password is stored in the field 'Password='. Trillion first performs XOR encoding of the password with standard pattern and then encodes it with BASE64 before storing it.

You can recover Trillion IM passwords using IMPasswordDecryptor.

Related Tools: IMPasswordDecryptor

Pidgin (Formerly Gaim)

Pidgin stores all configured account passwords in the "Accounts.xml" file located at following directory

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\.purple

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\.purple

Older versions (Gaim) used .gaim folder instead of .purple to store the account details. For each stored account, 'Accounts.xml' file contains the <account> tag, which has sub tags <name> & <password> containing the account email address and password in plain text respectively.

You can recover Pidgin passwords using IMPasswordDecryptor.

Related Tools: IMPasswordDecryptor

Digsby

Newer versions of Digsby (Build 78 - r27225 as of this writing) stores main account password in the 'logininfo.yaml' file at following location,

[Windows XP]
C:\Documents and Settings\<user_name>\Local Settings\Application Data\Digsby

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Local\Digsby

Digsby stores only main account password locally and all other IM account passwords (such as Yahoo, Gmail, AIM) are stored in the servers. Main Digsby password is encrypted using RC4 algorithm with username, windows product id, install date as key and resulting password is then encoded with BASE64 before storing into the above password file.

Earlier versions of Digsby used to save the password in the 'Digsby.dat' file at following location,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Digsby

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Digsby

Earlier Digsby versions used only RC4 encryption algorithm with 'foo' as key without BASE64 encoding. For more information refer to an interesting blog post 'Art of Decrypting Digsby Password'

You can use 'Password Recovery for Digsby' from Reactive-Software to recover Digsby password for all versions.

Related Tools: 'Password Recovery for Digsby' by Reactive-Software

PaltalkScene

PaltalkScene stores main account password at following registry location

HKEY_CURRENT_USER\Software\Paltalk\<nick_name>

Password is encrypted and stored in the registry value 'pwd' under this key. All other IM passwords such as Gmail, Yahoo, AIM etc are saved under separate sub keys under this registry key. For example Gmail accounts are stored under following registry key,

HKEY_CURRENT_USER\Software\Paltalk\<nick_name>\GGL\<gmail_address>

All these IM passwords are encoded with BASE64 and stored in 'pwd' registry value. For more technical details on how Paltalk encrypts the password and how to decode this password, refer to blog post 'Art of Decrypting Paltalk Password'

You can recover main password as well as all the IM passwords stored by Paltalk using 'Paltalk Password Recovery' tool.

Related Tools: Paltalk Password Recovery by Reactive-Software

MySpace IM

MySpaceIM is one of the upcoming instant messenger which stores the user account & password details at following location.

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\MySpace\IM\users.txt

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\MySpace\IM\users.txt

The user login email id is stored in clear text where as the password is in encrypted format. The password is encrypted using 'Windows Crypto API' functions and then encoded using BASE64 algorithm beforing storing into this file. So in order to decrypt it successfully one has to decode the password using BASE64 and then decrypt it using CryptUnprotectData function.

You can use IMPasswordDecryptor to instantly recover stored account passwords by MySpaceIM.

Related Tools: IMPasswordDecryptor

MirandaIM

Miranda is the free instant messenger which stores the user account & password details at following location.

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Miranda\<profile_name>.dat

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Miranda\<profile_name>.dat

Miranda uses modified version of ICQ database format to store all the account details. You can view this file in any hex editor and search for 'AM_BaseProto' signature to find each of the account details. Username is stored in clear text and password is stored in encoded format after the string 'Password' string.

Password is encoded using simple algorithm,

encPassword[i] = Password[i] + 5;

Decoding is simple, just reverse the flow as shown below,

Password[i] = encPassword[i] - 5;

You can use IMPasswordDecryptor to instantly recover stored account passwords by Miranda.

Related Tools: IMPasswordDecryptor

Miscellaneous Applications

FileZilla

FileZilla stores all account information along with username & password in the "recentservers.xml" file at following location,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\FileZilla

[Windows Vista & Windows 7]
C:\Users\<username>\AppData\Roaming\FileZilla

This xml file contains entry for each ftp server account with tag <server>. For each server entry, there is <user> & <pass> tags which contains user name & password in plain text for corresponding FTP server.

You can use 'FTP Password Recovery' tool from Reactive-Software to recover all FTP server passwords stored by FileZilla

Related Tools: 'FTP Password Recovery' by Reactive-Software

Remote Desktop

Remote Desktop stores the saved credentials at 'Credential Store' using the target name as 'LegacyGeneric:target=TERMSRV/<Host_IP_address>'. As many applications use 'Credential Store' to save their passwords, this target name can be used to uniquely identify 'Remote Desktop' stored passwords.

For more information on how 'Credential Store' works and how to recover the password, read on to this research article 'Exposing the Secret of Decrypting Network Passwords'

You can use 'NetworkPasswordDecryptor' to recover the passwords stored by Remote Desktop.

Related Tools: NetworkPasswordDecryptor

Google Desktop Search

'Google Desktop Search' stores the Google account information in the registry when it is configured to search your Gmail account. Here is the registry location,

HKEY_CURRENT_USER\Software\Google\Google Desktop\Mailboxes\Gmail

The above registry key contains the 2 main registry values, 'POP3_name' & 'POP3_credentials' holding the Google account name & encrypted password respectively. For more details on how to decrypt this password, read on to following research article, 'Exposing Google Password Secrets'.

You can use GooglePasswordDecryptor tool to instantly recover any such password stored by Google Desktop Search.

Related Tools: GooglePasswordDecryptor

Picasa

Picasa stores Google account password information at one of the following registry location.

HKEY_CURRENT_USER\Software\Google\Picasa\Picasa2\Preferences
HKEY_CURRENT_USER\Software\Google\Picasa\Picasa3\Preferences

Some of the early releases of Picasa 3 version used second location, but later switched back to previous location itself. The registry value 'gaiaEmail' contains the Google account id and 'gaiaPass' contains the encrypted password. Picasa versions 2 and 3 uses different encryption mechanisms to store the password. For complete information on how to decrypt stored passwords by different versions of Picasa, read on to article 'Exposing Google Password Secrets'.

GooglePasswordDecryptor can automatically recover the password for different versions of Picasa.

Related Tools: GooglePasswordDecryptor

TweetDeck

TweetDeck is the one of the popular Twitter client which also support other social networking sites such as Facebook, LinkedIn, MySpace, Buzz etc. It is developed using Adobe Air framework and hence it uses 'Encrypted Local Storage' (in short ELS) mechanism provided by Adobe Air to store all the account credentials. The encrypted password files are stored at following location based on the platform,

[Windows XP]
C:\Documents and Settings\<user_name>\Application Data\Adobe\AIR\ELS\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

[Windows Vista & Windows 7]
C:\Users\<user_name>\AppData\Roaming\Adobe\AIR\ELS\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1

On Windows, Adobe AIR uses DPAPI functions to encrypt the credentials using the 128 bit AES-CBC algorithm. Here is the typical sequence which is generally used to store the secret data.

var strToEncrypt:String = "passw0rd";

var myByteArray:ByteArray = new ByteArray();

myByteArray.writeUTFBytes(strToEncrypt);

EncryptedLocalStore.setItem("securityxploded", myByteArray);

I am still researching on to recover the account passwords stored by TweetDeck. I will update here as I discover more secrets.

Password Recovery Tools

ChromePasswordDecryptor

Like other browsers Chrome also has built-in login password manager functionality which keeps track of the login secrets of all visited websites. ChromePasswordDecryptor tool makes it easy to decrypt or recover these login secrets stored by Chrome. It automatically detect the default chrome profile path for the current user and displays all the stored login credentials in clear text after decrypting them.

Read more >>>

FireMaster

Firefox uses master password to protect the stored sign-on information for various websites. If the master password is forgotten, then there is no way to recover the master password and user has to lose all the sign-on information stored in it. To prevent this problem, I have developed FireMaster which uses combination of techniques such as dictionary, hybrid and brute force to recover the master password from the Firefox key database file.

Read more >>>

FirePassword

FirePassword is FREE console based tool to instantly recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePassword can instantly decrypt and recover these secrets even if they are protected with master password.

Read more >>>

FirePasswordViewer

FirePasswordViewer is the GUI version of popular FirePassword tool to recover login passwords stored by Firefox. Like other browsers, Firefox also stores the login details such as username, password for every website visited by the user at the user consent. All these secret details are stored in Firefox sign-on database securely in an encrypted format. FirePasswordViewer can instantly decrypt and recover these secrets even if they are protected with master password.

Read more >>>

GooglePasswordDecryptor

GooglePasswordDecryptor is the free tool to recover stored Google account passwords by various applications. Most of the Google's desktop applications such as GTalk, Picassa etc store the account passwords in their private encrypted store to prevent hassale of entering the password everytime. GooglePasswordDecryptor goes through each of these application's encrypted stores and decrypts this Google account password.

Read more >>>

IEPasswordDecryptor

IEPasswordDecryptor is the free tool to quickly and easily recover stored passwords from Internet Explorer. It can recover both Autocomplete and HTTP basic authentication based passwords from IE secret store. It also comes with distinctive feature which allows the user to reset the IE content advisor password in case user has lost it.

Read more >>>

IMPasswordDecryptor

IMPasswordDecryptor is the free tool to quickly and easily recover stored passwords from Internet Explorer. It can recover both Autocomplete and HTTP basic authentication based passwords from IE secret store. It also comes with distinctive feature which allows the user to reset the IE content advisor password in case user has lost it.

Read more >>>

NetworkPasswordDecryptor

NetworkPasswordDecryptor is the free tool to instantly recover the network passwords stored in the 'Credential Store' of Windows. It support recovery of all type of network passwords on all platforms starting from Windows XP to latest Windows 7.

Read more >>>

OperaPasswordDecryptor

OperaPasswordDecryptor is the FREE tool to instantly recover the passwords stored by all versions of Opera. Like other internet browsers such as IE, Firefox etc Opera also stores the username/passwords for websites visited by user in the password file (wand.dat) in an encrypted format. OperaPasswordDecryptor can recover all these stored encrypted passwords instantly and present it in a user readable clear text format.

Read more >>>

OutlookPasswordDecryptor

OutlookPasswordDecryptor is the FREE tool to instantly recover lost password for all versions of Outlook Application. Outlook stores the password for subsequent logins when user selects the 'Remember Password' option during authentication. The password is stored in the encrypted format and only respective user can decrypt the password.

Read more >>>

ThunderbirdPassDecryptor

ThunderbirdPassDecryptor is the FREE tool to instantly recover the stored mail account password by Thunderbird. Like other email clients, it also stores the mail account passwords on the local system for subsequent logins so that user don't have to type the password everytime using its own private mechanism with powerful encryption algorithm.ThunderbirdPassDecryptor helps in instantly recovering such stored mail account passwords and get the complete account access details.

Read more >>>