All passwords are available in the file winbox.cfg
This threatens the security of routers.
This is known and documented. Set up a password for your Windows computer, or don’t save passwords.
This is not right. Passwords should be encrypted.
An attacker only needs to steal that file, and all the routers are under threat.
If they are in your computer and can access your file, you have much more to worry about. A key logger can record your keystrokes as you type your memorized password anyway. Authy for Mikrotik would be awesome as a two factor, and in the event the net goes down it rolls back to single. But for now I use a Linux box or Mac to manage my routers, never use customer computers, and try to avoid Windows as much as possible.
Regards,
Josh
You should encrypt access passwords (/user). They can be easily extracted from a binary backup file.
I suggest posting this as a feature request in the beta section. Not much will happen in this section. I would assume at some point it will get encrypted, but I would rather see a mature v6 first.
Please don’t confuse two different things: the backup file from RouterOS is not related to the Winbox.cfg file in Winbox.
About Winbox (the topic). There are two options:
- Winbox could ask for a Master Passphrase before it allows you to use the stored passwords. This is required to encrypt anything. Otherwise anybody could decrypt it.
- Winbox could store Hashes of passwords in the CFG file. This would not prevent the person from copying/pasting it. It would only prevent them from reading your password, but pasting the hash would still work.
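
A sketch of the first option, added here as an illustration (it is not Winbox code and does not model the real winbox.cfg format): the saved logins are encrypted under a key stretched from a master passphrase, so a copied file is unreadable without it. The function names, the file layout, the iteration count and the sample entry are assumptions, and the HMAC-based keystream is a standard-library stand-in for a vetted AEAD cipher such as AES-GCM.

```python
import hashlib
import hmac
import json
import os

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value)
# Constructed sample data; the real winbox.cfg layout is not modelled here.
SAMPLE_ENTRIES = {"192.0.2.1": {"user": "admin", "password": "example-only"}}

def _keys(passphrase, salt):
    # Stretch the master passphrase, then split into encryption and MAC keys.
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ITERATIONS)
    return (hmac.new(master, b"enc", hashlib.sha256).digest(),
            hmac.new(master, b"mac", hashlib.sha256).digest())

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode, a stdlib stand-in for a vetted AEAD cipher.
    stream = b""
    counter = 0
    while len(stream) < len(data):
        block = nonce + counter.to_bytes(8, "big")
        stream += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(passphrase, entries):
    """Encrypt the saved logins; returns salt + nonce + ciphertext + tag."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = _keys(passphrase, salt)
    plain = json.dumps(entries).encode()
    body = salt + nonce + _xor_stream(enc_key, nonce, plain)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def open_store(passphrase, blob):
    """Return the saved logins; ValueError on wrong passphrase or tampering."""
    if len(blob) < 64:
        raise ValueError("truncated store")
    body, tag = blob[:-32], blob[-32:]
    salt, nonce, cipher = body[:16], body[16:32], body[32:]
    enc_key, mac_key = _keys(passphrase, salt)
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong passphrase or modified file")
    return json.loads(_xor_stream(enc_key, nonce, cipher))

if __name__ == "__main__":
    blob = seal("correct horse battery staple", SAMPLE_ENTRIES)
    print(len(blob), "bytes, plaintext visible:", b"example-only" in blob)
    print(open_store("correct horse battery staple", blob))
```
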