I share in this post different ways of handling password storage in AutoHotkey.
Registry
The first approach is to store the password in a local user registry key.
Login_GetPassword(){
RegRead, sPassword, HKEY_CURRENT_USER\Software\PowerTools, Password
If (sPasswordKey=""){
InputBox, sPassword, Password Key, Enter Password, Hide, 200, 125
If ErrorLevel
return
}
RegWrite, REG_SZ, HKEY_CURRENT_USER\Software\PowerTools, Password, %sPassword%
return sPassword
} ; eofun
Note in the code above the use of the Hide option in the InputBox: this will replace your input by *.
The registry key store in HKEY_CURRENT_USER is only accessible from the login user - means if you leave your PC locked when not using it, nobody shall be able to access it.
There is though one critical scenario: if you share your code as open source then potential attackers might be able to get the value of this key e.g. by sending you a malware per email. Therefore do not go for this approach if you share your code.
Registry with encryption
You might also have as an internal IT security policy not to store your password unencrypted anywhere at all.
For this case you could encrypt the password and add the encryption key in another registry key.
A good AHK resource for encryption can be found
here Still if you share your code, a potential attack is possible.
Of course encrypting and decrypting the password each time you want to access it takes some extra time and might hinder the useability if you need to access it a lot.
Static variable
A third alternative is not to store the password physically anywhere at all but use a
static variable.
The drawback of this compared to the registry approach is that each time you exit or rerun your AHK script the password is reset and you will have to re-enter it.
Advantage is that no one can access it by any criminal attack.
Login_GetPassword(){
static sPassword
If !(sPassword = "")
return sPassword
InputBox, sPassword, Password, Enter Password for Login, Hide, 200, 125
If ErrorLevel
return
return sPassword
}
As tip, if you want to save entering a lot of time your password, you might want to store it via a static variable in a main AHK file you only run once at startup (do not need to re-run a lot because of for example code updates) and create a hotkey to type it.
I use for example my TextExpander main script for this; this is where I store all my hotkeys.
It looks then like this for the password typing:
!p:: ; <--- Enter Password
sPassword := Login_GetPassword()
Clip_Paste(sPassword)
return
N.B.: the Clip_Paste function does not leave any traces in the clipboard by default and is faster than a SendInput.
No comments:
Post a Comment