Lost all my passwords today, but they are in the Login Data file

leocg

leocg Moderator Volunteer last edited by

So-is there some connection between my pc user account name/password and Operas login data file?

Yes. Your OS credentials (username/password) is used to encrypt your saved passwords in Opera.

For this reason, your saved password can't be used on another computer or by another user on the same computer.

pdw

pdw last edited by

Ok, good information. I never knew that, but makes sense doesn't it.
If my user name changed somehow then that would explain it. But I did not change the name.
Interestingly, it is possible to change the user name in W8 to something else. I may have to take a look at that.

Thanks

pdw

pdw last edited by

"Yes. Your OS credentials (username/password) is used to encrypt your saved passwords in Opera."

A question: How can Opera/Chrome know what my W8 password is? That would mean they know the password scheme. Is there anything more that is used in the user id, such as, Admin privileges?

leocg

leocg Moderator Volunteer last edited by

How can Opera/Chrome know what my W8 password is?

I don't think Opera knows it. I'm not a developer but i think they just associates the file with the user and lock access to it if something unusual happens.

I guess the problem is that the password change was made from another user.

Try opening 'Login Data' in a SQL editor to see if you can access it. Do a backup first just in case.

pdw

pdw last edited by

Hello. Originally you said that Opera uses (username/password) for encryption. Is that not correct? It's important to know.

leocg

leocg Moderator Volunteer last edited by

It's a Chromium thing, maybe you can find more info in their pages.

Is that not correct?

It's correct, your saved passwords are encrypted using your OS account info.

How this is done? I have no idea.

blackbird71

blackbird71 last edited by

Essentially, the browser asks Windows for an encryption key, which a Windows service dutifully creates using a hash of the OS user account password/name; encryption then occurs. Decryption works similarly - the browser again gets a key from Windows which again creates it from the user account password/name. Different user account or password - the key won't 'fit'. According to advocates, this is a security feature. To those who legitimately need to access account-encrypted data from another system or account (or if the user password changes), it's a problem. Since I save my passwords elsewhere, I have no opinion either way.

leocg

leocg Moderator Volunteer last edited by

Essentially, the browser asks Windows for an encryption key, which a Windows service dutifully creates using a hash of the OS user account password/name; encryption then occurs. Decryption works similarly

Thanks for the info.

pdw

pdw last edited by

This is pretty much intolerable. Chrome and Opera should have a large warning about not messing with user name and/or password logon or will cause loss of web site passwords.
This is almost cause for ditching these two browsers.
And what caused this fiasco in the first place wasn't anything I did. After a system restart, I found I could not loin to W8, no matter what I tried. Somehow my password was corrupted and nothing I did would bring it back.
Shame on Operaa for allowing this to happen.

blackbird71

blackbird71 last edited by

This is pretty much intolerable. Chrome and Opera should have a large warning about not messing with user name and/or password logon or will cause loss of web site passwords. This is almost cause for ditching these two browsers.
And what caused this fiasco in the first place wasn't anything I did. After a system restart, I found I could not loin to W8, no matter what I tried. Somehow my password was corrupted and nothing I did would bring it back.
Shame on Operaa for allowing this to happen.

I understand your frustration, honestly. But - and it seems there's always a 'but', isn't there? - while perhaps I'm old-school, after many years of fighting with computers and their many unique ways of failing at the worst possible moment, I've learned that if information really 'matters', it should either be committed to a paper copy placed in a secure place or backed up electronically to at least two physically-separate places - and often, both ways. Every single password I have is backed up on paper, one copy of which is stored in a secure safe here and another off-site. If I change any PW, I ripple that change through my backups at once. I see the bother in that as a necessary cost of safely conduct things in a forever-uncertain digital world.

There are simply so many failure modes for stored data (hard-drive crashes, MoBo failures, OS crashses, file corruption, physical theft, fire, wind-storm, etc, etc) that the password encryption issue stands in many ways as just one more failure mode. It was rooted, after all, in a W8 log-in failure of some sort. That led you into a password-file trap you didn't realize was there, and that's highly unfortunate. But frankly, there are many other comparable traps you (or I) may not even know about, hence it's up to a user to guard his data in genuinely secure and multiple ways - or else risk the consequences. If the situation is as bad as you indicate, it's because you didn't have a written backup for your passwords, and that omission would indeed be something 'you did'.

Chrome (and hence its chromium offspring and the browser makers who utilize it) made a reasonable design choice to employ Windows user-account-based encryption services for passwords, and perhaps that may even have been a good choice for multi-user, multi-access system security. In your situation, it didn't work out well when you had an OS log-in failure. But with a good independent backup of the passwords, your situation would have been reduced to the mere inconvenience of manually having to re-enter them. So I don't see this as a "shameful" thing for Opera.

pdw

pdw last edited by

Thank you for that. Before opera 30+, I always backed up the password file from the appdata directory. Since then, I have been backing up the same data not knowing that the entire directory scheme had changed. Nothing I read in Opera discussed what to backup.
I did a password import today and the settings/passwords file now shows my 50+ entries, I have no idea from what date as the import function simply went 'zip' and it was done. Not knowing where it found the recovery password file, I can assume it came from the Opera 12 data, which means about 90% passwords must be invalid. Yes-going to be a royal PITA in the future.

I went ahead and changed my W* password to blanks to see if the settings/passwords data is changed. and they are still the same after the import. After Opera restart they are still all the same so it looks like the W8 password field isn't part of the saved Chrome password manager. Or Maybe the change doesn't happen until a system restart is performed.
For the record, I am a former computer systems engineer, now retired. I worked on all these types of problems for 40 years and it seems the job isn't finished yet. So much nonsense to have to deal with.
I tell people that most of the internet was written by children.