According to ISF research, 86% of polled Internet users believed that the passwords hidden behind the asterisks are securely protected. The truth, according to the foundation, is that such passwords are not normally protected in Microsoft Windows and can be easily viewed using software such as SeePassword. As the result of this programming oversight in Microsoft's Windows, criminals may unlawfully obtain passwords of unsuspecting Internet users, gaining access to bank records, and other private information such as credit card accounts, according to a press release issued by . This privacy issue is especially troublesome in the era when criminals and terrorists routinely use stolen identities to conduct their unlawful operations.
Despite the growing public concerns over this issue, Microsoft refused to address this glaring security hole in its operating system. In a November 2, 2004 PC Magazine article, a Microsoft spokesman stated that that if an intruder has access to your computer, it's already too late to offer protection of passwords.
"The responsible thing for Microsoft to do would be to issue a security patch which would make passwords secure and preclude unauthorized access to users' online accounts," says Alex Konanykhin, Chairman of the Internet Security Foundation. "At the very least, Microsoft should have issued a security patch which would warn Windows users that such hidden passwords are not secure. Instead, Microsoft chose to ignore the issue despite our repeated warnings."
To help address the problem, Internet Security Foundation released a freeware program, called AsteRisks ("Remove Risks from Asterisks") which removes unsecured passwords from user's computers, eliminating the risk of such passwords falling into the hands of unauthorized parties.
The release of AsteRisks cames a few months after the foundation released SeePassword, a tool that allows consumers to see the passwords Windows hides behind asterisks. SeePassword technology allows forgotten passwords to be easily and quickly retrieved. Users just drag a magnifying-glass-shaped interface over the asterisks and see the forgotten password hidden behind them.
"The public should have access to this technology," says Alex Konanykhin, CEO of KMGI, "not only for the benefits it will afford them, but to better understand how unprotected their private information currently is. Exposure is the first step to solving the problem."
