Results 1 to 8 of 8
  1. #1
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    133
    Thanks
    15
    Thanked 6 Times in 6 Posts

    Does the Win7 Registry include sensitive information (e.g., passwords)?

    I am having a problem with a software program on my Win7 Professional 64-bit computer. The software company suggested doing an assisted session using a program such as TeamViewer. They're particularly interested in looking at the Registry (which might have to take place when I'm not present, due to time zone differences). My question is whether there is sensitive information in the Registry that I would not want them to have--for example, are passwords stored there? If I were to use RegEdit's Export feature and send the resulting file to the company, would that be wise? Useful? A reasonable alternative to giving them access via TeamViewer? I'm frankly not eager to give them access via TeamViewer, even if I'm present, but especially if I am not. And I am not eager to have someone making changes to my Registry. I'm not sure how well-founded my reservations are, and I'd like to know both whether doing a RegEdit Export and sending them the results is a reasonable alternative AND whether there is sensitive information in the Registry that I would not want someone else to have.

    Thanks in advance for your help.

  2. #2
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    I think you're right to be cautious, and exporting then sending just the relevant part of the registry does sound like the way to go.

    I certainly wouldn't want anyone viewing my registry when I was not around to see what they were going to do with it.

    There are many passwords stored in the registry: Password Storage Locations For Popular Windows Applications

    Bruce

  3. The Following User Says Thank You to BruceR For This Useful Post:

    cyberdiva (2013-03-22)

  4. #3
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    133
    Thanks
    15
    Thanked 6 Times in 6 Posts
    Many thanks, Bruce. Actually, the link you provided seems to indicate that I may not have many passwords stored in the Registry (though I also wonder about all the serial/license numbers for my many software programs--are these numbers stored in the Registry?).

    I'm also curious about one thing you said. If I Export my Registry, can I export just certain parts of it? I've never used this feature.

  5. #4
    Super Moderator
    Join Date
    Jun 2011
    Location
    New England
    Posts
    4,746
    Thanks
    171
    Thanked 649 Times in 572 Posts
    Yes, just select a branch or key before export and the file will be restricted to that. (Check out Help within Regedit.) You can open the .reg file with Notepad to check the contents.

    Bruce

  6. #5
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    133
    Thanks
    15
    Thanked 6 Times in 6 Posts
    Bruce, thanks again. You've been very helpful!

  7. #6
    Star Lounger
    Join Date
    Dec 2009
    Location
    Hong Kong
    Posts
    76
    Thanks
    11
    Thanked 1 Time in 1 Post
    Passwords are stored in the registry, though they're encrypted, so the remote tech won't be able to read them while using team viewer.

    But - there are plenty of tools that can decrypt passwords (http://is.gd/y6MkP8 ) - so if you send them an export of the entire registry you're effectively giving the recipient an opportunity to try at his leisure. Depending on whether you use your browser to store passwords as opposed to Lastpass or whatever this might be a big deal.

    To echo Bruce - If you want to export and send data to them make sure that you send them the absolute minimum!
    Last edited by flippertie; 2013-03-23 at 23:33.

  8. #7
    2 Star Lounger cyberdiva's Avatar
    Join Date
    Dec 2009
    Location
    USA
    Posts
    133
    Thanks
    15
    Thanked 6 Times in 6 Posts
    Thanks, flippertie. Most of my passwords are stored in Last Pass, not in my browser, so I guess that lessens the danger somewhat. But I do agree with you and Bruce about sending as little as possible. What I'd really like is for them to tell me exactly what entries to look at, and I'd give them just that information. I haven't heard back from them yet, so I don't know whether they think that's a feasible plan.

    Actually, your response makes me wonder about programs such as email clients such as Thunderbird, PostBox, Mulberry, etc. that are not web-based. They all store passwords to email accounts, and obviously they all use the Registry. But do the passwords I store in an email client appear in the Registry?
    Last edited by cyberdiva; 2013-03-24 at 23:57.

  9. #8
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,577
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Quote Originally Posted by cyberdiva View Post
    Thanks, flippertie. Most of my passwords are stored in Last Pass, not in my browser, so I guess that lessens the danger somewhat. But I do agree with you and Bruce about sending as little as possible. What I'd really like is for them to tell me exactly what entries to look at, and I'd give them just that information. I haven't heard back from them yet, so I don't know whether they think that's a feasible plan.

    Actually, your response makes me wonder about programs such as email clients such as Thunderbird, PostBox, Mulberry, etc. that are not web-based. They all store passwords to email accounts, and obviously they all use the Registry. But do the passwords I store in an email client appear in the Registry?
    IMO, sending them a copy of your registry or what you think is the relevant part of the registry may not be enough to diagnose the issue. Partial information is often as bad as no information when trying to debug a problem.

    If you turn over your machine you've already lost control. BUT, if you don't trust the software company maybe you should not be doing business with them.

    Joe

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •