jaguar wrote:romovs wrote:It doesn't write any settings to files at all. logininfo.conf is from somewhere else.
But it write password to registry. And you can access those passwords using regedit if it is public user logged in...so, not secure. Please consider to use tokens.
Tokens being a more security conscious approach I definitely agree on that.
But imo, the benefits are overestimated in this particular case. This is not exactly bank account authentication.
Probability of someone wanting to snatch H&H passwords, having the know-how, and being able to access same public comp is almost non existent (in b4 we have whole office/class playing on a single pc
but even if that's the case, with public computers you are pretty much fucked no matter whether it's tokens or passwords).