PSA Regarding Storing Passwords

I made a startling discovery that I'm sure some of you are going to be like "well duh... wait... you didn't know that?" but I'm gonna tell y'all anyway.....
Apparently, any IM client, including my favorite Pidgin, is completely defunct when it comes to securely storing passwords. So make sure you un-check "Save Password" in your accounts window. Yes, that does mean for logging in to your 12 different accounts on Pidgin you'll have to type 12 different passwords, but it's worth the security IMO.
To give you a feel for how unsecure Pidgin is at storing passwords, let's take a look at the account file (.xml)
(no, that isn't my real password.....) Quote:
<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
<account>
<protocol>prpl-aim</protocol>
<name>DwR Zambini</name>
<alias>Zambini</alias>
<password>c4n1h45c|-|33z8urg3r</password>
<current_error/>
</account>
At least Pidgin is open about it, saying "It's better to be told you have no security than having a false sense of security".
Which is true. Because I wouldn't have known about it unless they had done so.
There are workarounds, such as Gaim Password Encryption, but it's not 100% security, and if someone really really really wanted to get it, it's still possible via debugger or something.
I don't know about any methods for securing AIM, MSN, or other non-open-source programs though. So you'll have to do some googling on your own.
Last edited by Zambini; May 3rd, 2008 at 22:05.
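
As an added example (not part of the original post and not Pidgin's own code), here is a small audit that reports which accounts in a file laid out like the one quoted above carry a stored `<password>` value, without ever printing the value. The sample data is constructed, the function names are hypothetical, and the path to the accounts file is whatever the user passes on the command line.

```python
import os
import sys
import xml.etree.ElementTree as ET

# Constructed sample mirroring the layout quoted in the post; not real data.
SAMPLE = """<?xml version='1.0' encoding='UTF-8' ?>
<account version='1.0'>
 <account>
  <protocol>prpl-aim</protocol>
  <name>example-user-1</name>
  <password>constructed-placeholder</password>
 </account>
 <account>
  <protocol>prpl-jabber</protocol>
  <name>example-user-2</name>
 </account>
</account>
"""

def audit_accounts(xml_text):
    """Return one finding per account; the password itself is never returned."""
    root = ET.fromstring(xml_text)
    findings = []
    for acct in root.findall("account"):
        pw = acct.findtext("password")
        findings.append({
            "protocol": acct.findtext("protocol", default="?"),
            "name": acct.findtext("name", default="?"),
            "stored_password": bool(pw and pw.strip()),
        })
    return findings

def readable_by_others(path):
    """True if group or other users have any permission bits on the file (POSIX)."""
    return bool(os.stat(path).st_mode & 0o077)

def main(argv):
    text = SAMPLE  # fall back to the constructed sample when no path is given
    if len(argv) > 1:  # path to the accounts file, supplied by the user
        with open(argv[1], encoding="utf-8") as fh:
            text = fh.read()
        if readable_by_others(argv[1]):
            print("WARNING: file is accessible to other local users")
    for f in audit_accounts(text):
        state = "PLAINTEXT PASSWORD STORED" if f["stored_password"] else "no stored password"
        print(f"{f['protocol']:12} {f['name']:20} {state}")

if __name__ == "__main__":
    main(sys.argv)
```

Accounts flagged by the audit are the ones to re-save with "Save Password" un-checked, after which the stored value should also be changed at the service.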