The Final Word
IEPasswordDecryptor is an excellent product if you must retrieve all IE autocomplete passwords from a user's machine. However, I always have concerns about products like this.
Users don't typically need special software to recover forgotten online passwords. I don't think any of the 30 or so sites I log into lack a way to get a new password or the old password sent if forgotten. So using this for user productivity or convenience seems limited.
So who needs this? Well, someone trying to harvest passwords from someone else's computer seems like a good example. If an attacker has physical access, simply running it from a USB attached storage device and downloading exported results takes less than a minute. This product could also be used as part of a remote attack with exported data sent to the attacker's home server.
Although products like this may have limited use in a business or home environment, they are excellent tools for those on the dark side. So you might want to add the IEPasswordDecryptor executable (IEPasswordDecryptor) to your list of end-user software you want to know about or block for unauthorized users.
But the most interesting thing about this product is the ease with which stored password encryption is hacked. The cracking source, for both site passwords and browser master passwords, is widely available. So the best thing you can do for your IE users is to use centrally controlled settings to disable autocomplete.
Finally, for those like me who rarely use IE, there are versions to recover autocomplete passwords from FireFox and Chrome.