Disabling Password Caching on Windows XP

Although some users will find it useful, one potentially dangerous feature of XP is its ability to cache username and password information associated with Web sites accessed via Internet Explorer. For example, on a system with multiple users sharing a single user account, a user might select the option to have XP remember the username and password used while logging on to a secure Web site, thus allowing other system users to potentially access it as well. While not a big issue for a news-related site, it’s easy to be a little more worried if it was your banking information others could get at.

The easiest solution to this problem is to set up a unique XP user account for each user, since this would cache usernames and passwords for each person individually. However, accessing this information would still be relatively simple for a user with administrator-level access. For this reason, password caching can be completely disabled, forcing a user to enter a complete username and password when visiting a secure site in Internet Explorer. To do so, fire up Regedit one more time and browse to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Internet Settings. Creating a REG_DWORD value named DisablePasswordCaching and setting it to a value of 1 will force the current user to supply both a username and password on each visit to a secure Web site.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of 2000Trainers.com. He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.