Let’s say you have saved your login-credentials at http://examplecommunity.com/, which consists of a user name and a password. The password-field at the login-page uses type=”password” to display asterisks to hide the input from any users watching. Opera has a neat feature which lets you modify the source of any page, and “Apply” it to reload it as if it was the original page. So if you changes the type=”password” to type=”text” (or simply removes it, as text is the default type), and clicks “Apply” you might still use the wand, and now the text inserted into the password-field is perfectly visible. It’s just to hit “esc” to cancel the loading of the next page and you have the password written en clear text.

Now, it is unfortunately not usual amongst the browsers that has this kind of feature to have easy ways of working around it, either by hacking the local files which contains the passwords or by some other tricks which differs a little from browser to browser.

There are some ways which webdevelopers might make this a little bit harder, by i.e. including the login-form with JS etc, but first of all it’s a big NO because it’s bad , bad practice against UA’s which either not support JS, or has it deactivated. Second it’s just to use the developer-tools and modify the DOM which is created none the less.

Verified with Opera 9.64 and 10.00 beta

Possibly related

Show passwords feature is a serious security issue in Firefox and Chrome

Related posts:

• Why I use Opera over Firefox

e-mats.org: New Adventures in Reverse Engineering

Related posts:

• Acquiring full screen in Java-applications