Seeing online passwords

My computer remembers my passwords for some sites. That’s good, because I don’t have to type them in. On the other hand, sometimes I forget them. (I tend to use different passwords instead of the same one over and over.) Some sites will give me a hint and/or email me my password. Other sites require that I provide a new password. I don’t like that.

Is there a way to see the password that my computer is storing for a website? I’m using OS X 10.9.5 and Safari 9.0.1.

If it’s showing you the asterisks, there’s this method.

In Safari, you might have to enable the developer menu first.

There’s two ways it might be being stored.

The browser may be storing it, in which case you want to go to Preferences… -> Passwords tab and click the “Show Passwords for Selected Sites” box.

Alternatively, the OS might be storing it (they overlap somewhat), in which case you want to run “KeyChain Access” (in your /Applications/Utilities folder), which can show you your stored passwords. K.A. is a little bit of a mess–it has a whole bunch of different functions, many of them complicated–but poke around in it for a while and you’ll probably see what you need.

You can try one of these two methods:

My bold. This makes me sad. It means the site is storing your password in plain text, which is wrong on many levels. I’m a security guy, and one time an organization that issues information security credentials emailed me my password in plain text. Kind of killed whatever credibility they may have had (which honestly wasn’t much to begin with).

Gods, I hate those long-ass ads you can’t skip!

I tried searching for ‘input type=password’, but it doesn’t find it.

There we go. Right password, wrong cases.


While we’re on the subject, it’s annoying that all the browsers I’m using just store usernames and passwords as a one-to-one mapping across all sites.

So, say two web pages require my user name to be my email address. I use the same e-mail account for both but (rightly) decide to use a different password.
Since the browser can only map one user name to one password it’s constantly filling in the wrong password and/or asking me to update the reference.

It might be because I’m using older versions of Chrome / Firefox / Opera / IE…if one of the updates fixes that, that might actually be worth updating for…

When I’m King, one of my first acts will be the “passwords are a SEQUENCES OF KEY PRESSES, and the state of caps/lock (or shift except as a key that can be pressed in the sequence) should be irrelevant under pain of death” law.

Seriously, it’s 2016 and we’re still rejecting passwords because of caps lock being down?

Passwords should have a mixture of cases.

Thumb scan would be better.

Mijin, Firefox has stored passwords separately for separate sites for ages now. It also no longer asks you if you want to change the stored password until after it submits it to the site so you can see if it worked. I expect all modern browsers do this, too, but I don’t have experience with them.

You won’t be king long after all the security disasters that silly policy causes.

The problem now is passwords are too easy, not that they’re too hard.

But, but, Sire, the keys I press are vastly different between my desktop PC, my Surface tablet, my Android tablet and my phone. And each of these has French and English keyboard layouts installed. On Windows, the # symbol is Shift-3 in English but has its own unshifted key in French. It’ll never fly, Sire.

In Firefox, go to Tools > Options > Security > Saved passwords > Show passwords.

I assume there is a similar lookup path in other browsers. It’s the browser that saves the passwords.

Passwords absolutely should be case-sensitive.

What pisses me off is the various password-making “rules” that exist across sites. Some require at least one uppercase. Some don’t. Some need a number. Some don’t. Some need a special character/punctuation. Some need a special character, but only from a small subset of special characters. Some just used to reject any special character at all. It drives me batty.

Even better, passwords should have a mixture of BOLD and italic cases.

And at least one character in comic sans.