Protected Files and Passwords Storage


Are the “places” where microsoft applications store passwords on the protected files / registry keys by default?

For exemple Office 2013 stores passwords here:


from 2002 to 2010:

[Windows NT onwards]
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles

[Prior to Windows NT]
HKEY_CURRENT_USER\Software\Microsoft\Windows Messaging Subsystem\Profiles

And network passwords are storred here (under win vista & 7):

APPDATA Location - C:\Users\<username>\AppData\Roaming\Microsoft\Credentials\

LOCALAPPDATA Location - C:\Users\<username>\AppData\Local\Microsoft\Credentials\ 

For XP:

APPDATA Location - C:\Documents and Settings\<username>\Application Data\Microsoft\Credentials\<user sid>\

LOCALAPPDATA Location - C:\Documents and Settings\<username>\Local Settings\Application Data\Microsoft\Credentials\<user sid>\

Should I add them to the protected files and folders to make sure that a malicious program doesn’t try to get them?

SOURCE: // Exposing the Secret of Decrypting Network Passwords -