Passwords under Windows

Created on 27th January 2003 by Gil Toombes.
Last updated on 15th April 2005 by Buz Barstow.

Intro
Many times in Windows, your computer asks you for a user name and password. Mapping a network drive is one such case. For your "convenience", Windows "remembers" your password even if you stop using that application or logout. Another person can then access that same resource without needing the password. For most things this isn't a problem, but there may be cases where you'd like to be more circumspect.

Solution
The evil file is called a "pwl" file. For example, if you logged in as user "us" your machine keeps a file called "us.pwl". You can find it using [Start]-[FIND]-[Files or Folders]-[us.pwl] for c:. DELETE IT IF CONCERNED. More information is available at http://www.sans.org/rr/toppapers/PWL.php.