Today, quite by accident, I discovered one "feature" in Opera's Wand (password manager). This feature can both come to the rescue and harm. It consists in the fact that you can in an elementary way see the password that was previously saved. This is done in just a few seconds.

How it works

1. We open the authorization page, on which the "login" and "password" fields are highlighted in yellow (means that Wand can be applied).
2. Open the source (Ctrl + U), look for the inputpassword (usually immediately after the very first word “password” / “password”, which is instantly found through the search (Ctrl + F)).
3. Remove type="password", apply the changes (Ctrl + R), close the source (Ctrl + W).
4. Activate Wand. The password will be visible right there, as long as the authorization request is in progress. You can quickly make PrintScreen, or you can wait for the entrance, and click "back". Password with login will be in full view.

All this can be done in a good way in 10-20 seconds.

I tried to play, it turned out that for the milestones I checked sites (including paypal!) , The chip worked. Habr became an exception - for him my password in Wand for some reason did not want to be saved.
If everyone around were always white and fluffy, I would love to save passwords in Opera, and happily forget it. Then, when it was necessary, for example, to exit from another browser, I would “remember” them, I use the “feature” of Wand. But, unfortunately, I can’t afford it, even on a personal laptop ...

By no means do I want to say anything against Opera. This is my favorite browser, I both used it and will use it. This topic is in order to once again let you think about your safety. It’s clear that a normal person uses Wand only on a personal machine and not for all sites. The problem is that it is worth taking a moment to turn off the computer, for example, at work, as you are already at risk of some kind of password being stolen. This is especially dangerous when a person uses only 1-2 passwords for everything that is possible.

Opera developers could correct the work of Wand in future versions, namely, when saving data, remember which of the fields was a password. Even if then the “for some reason” field ceased to be a password, it still displays asterisks.

Website developers who are very concerned about the security of their users could also take into account such a way of “hacking accounts”, for example, when loading a page, through Javascript, checking if there is a password entry field type="password", and taking measures.

"Tests" were conducted on Opera 10.00 1 from under Windows.