PasswordSpy is able to extract the password from most programs, but there are a few limited exceptions. Each known exception is detailed here:

Windows logon screen: PasswordSpy could extract the password from the Windows logon screen, except for the fact that in Windows it is very difficult to start a program before the user logs on. Thus you cannot start PasswordSpy before you logon. But even if you could start PasswordSpy, it would be pointless. Since Windows does not pre-fill the password field with a password, there is no password to extract. The only text to copy would be what you enter then and there. And since you just typed that data, you don't need PasswordSpy to tell you what it was.

Windows NT services: PasswordSpy can and does extract the password from the Windows NT services screen, however Microsoft has coded this screen with additional security. Instead of storing the actual password in the field, Microsoft stores a bogus password in the field (blank spaces to be exact). Thus when you try and "spy" the password, you read the bogus password instead of the real password.

Non-standard Windows applications: Most non-standard Windows applications cannot have the password extracted because the field containing the password is not a field at all. The best example of a non-standard Windows application is most any program written in Java. These programs "draw" their own windows instead of relying on the built-in functionality of Microsoft Windows. As a result, there is no way to extract the password from these applications.

Web sites in Internet Explorer: Newer versions of Internet Explorer "draw" their own controls just as a Java app does. As such (for the same reason above) PasswordSpy will not work. However there is a simple workaround that does not require PasswordSpy at all. If you view the HTML source the password is displayed as plain text. If you know how to read HTML text you can find it in there.



Back to PasswordSpy