Have you ever forgotten a password from a social network or a banking app, but the Xiaomi Redmi smartphone graciously substituted it automatically? Behind this magic is a complex system of credentials that the manufacturer carefully hides from the user. Unlike the iPhone, where everything is centralized through iCloud Keychain, Android โ especially in the shell of MIUI โ uses multiple storage, and not all of them are obvious.
The problem is that these passwords are scattered across different services: from the built-in manager. MIUI Password Manager to Google Smart Lock cloud storage, and if you ever let Mi Browser or Chrome save logins, that data could leak there. In this article, we will not only list all possible storage locations, but also show how to export passwords to a secure format, why they can not be deleted through a file manager, and what to do if a smartphone is stolen and two-factor is tied to the file manager. SIM-map.
Spoiler: Even after you reset to factory settings, some of the passwords can stay in the system -- and it's not a bug, it's a MIUI feature. But about everything in order.
1. MIUI System Storage: Where Xiaomi Hides Default Passwords
The main place Xiaomi Redmi saves passwords is the built-in MIUI Password Manager (formerly called Mi Account Passwords), which activates automatically if you:
- ๐ Enter a Wi-Fi password and allow saving
- ๐ฑ Entered applications through the autocomplete system window
- ๐ Saved logins in Mi Browser or Chrome with synchronization enabled via Mi Account
To find this storage, go to Settings โ Passwords & Security โ Password Manager. Here you will see all the data you have saved, broken down into categories: apps, Wi-Fi, websites. But here's the caveat: if you've never set up Mi Account, some of the passwords can be stored locally in encrypted form - and they can't be exported without root rights.
๐ก
If the password manager displays an empty list, but you have exactly saved the data โ check if the autocomplete option is disabled in the special features settings (Settings โ Special features โ Autocomplete).
Itโs important to understand that MIUI Password Manager works differently than similar services on pure Android, for example, it can save passwords even for applications that explicitly prohibit autocomplete (such as some banking customers), this is implemented through the MIUI autocomplete system service, which replaces the standard Android mechanism.
โ ๏ธ Note: If you delete the application, the password from it will remain in the manager MIUI, But it will stop showing up in the list. To find it, search by service name (for example, "Vkontakte" instead of "Vkontakte ยซVKยป).
2.Google Smart Lock: How passwords sync with Google account
Even if you donโt use Google services, your Xiaomi Redmi can automatically save passwords to Google Smart Lock.
- ๐ฑ You are logged into a Google account on your device
- ๐ Password synchronization enabled (Settings) โ Google โ Managing a Google Account โ Security โ Passwords)
- ๐ You saved logins in Chrome or other browsers based on Chromium
The main difference from MIUI Password Manager is that Google Smart Lock syncs data between all your devices where you are logged in to the same account, which is convenient but creates a risk of leakage if someone accesses your Google profile, such as through a phishing link or a vulnerability in a third-party service.
| Warehouse | Where it's stored | Synchronization | Exports |
|---|---|---|---|
| MIUI Password Manager | Local + Mi Cloud | Only between Xiaomi devices | Yes (in CSV) |
| Google Smart Lock | Google Cloud | Between all Android devices | Yes (via passwords.google.com) |
| Mi Browser | Locally (without synchronization) | No. | No. |
| Chrome | Google Cloud | Yes. | Yes (via browser settings) |
To check which passwords are saved in Google Smart Lock, go to passwords.google.com (open in the browser where you are logged in to Google). CSV backup.
3. Local files: where the passwords are physically stored in the phone's memory
If you think passwords are stored as plain text files that can be found through Explorer, you're wrong. Data is protected by multiple layers of encryption, but it can still be found in system folders. Here are the key paths (available only with root rights or through ADB):
- ๐ /data/system/users/0/accounts.db โ account database (including authorization tokens)
- ๐ /data/data/com.android.providers.settings/databases/settings.db โ autofill settings
- ๐ /data/data/com.miui.securitycenter/databases/ โ storage MIUI Password Manager
- ๐ /data/data/com.google.android.gms/databases/ โ cache of Google Smart Lock
Important: Even if you copy these files to another phone, you can't read them without decrypting them -- they're tied to the device's hardware key (TEE, Trusted Execution Environment), and trying to change the files manually can result in the loss of all saved passwords or system failure.
For advanced users, if you have root access, you can use sqlite3 to view database content.
adb shell
su
sqlite3 /data/data/com.miui.securitycenter/databases/password.db
.select * from passwords;โ ๏ธ Warning: Changing system files without backup may lead to blocking MIUI (Requirement to enter the Mi Account password after rebooting.This is a well-known feature of Xiaomi protection, which can not be avoided without official unlocking.
4 Wi-Fi passwords: where network keys are stored and how to extract them
Wi-Fi passwords are stored separately from other credentials, and in MIUI, they can be found in two ways:
- Through the settings menu: Settings โ Wi-Fi โ Click on the saved network. โ Share your password (entry will be required) PIN-fingerprint).
- Through MIUI Password Manager: In the Wi-Fi section, all saved networks with the ability to view the password are displayed.
But what if you had to extract all the passwords at once, for example, to transfer to another phone. ADB-team (works without root, but requires enabled debugging on the USB):
adb pull /data/misc/wifi/WifiConfigStore.xmlThe resulting file will have encrypted passwords, and to decrypt them, you will need a key that is generated based on the data. Android_ID There are special utilities (for example, WiFi Key Recovery), but they do not work on all versions. MIUI.
Enable USB debugging in Settings โ About Phone โ MIUI version (7 times click on build number)
Connect your phone to your PC and confirm your trust in your computer
Follow the adb backup command -f wifi_backup.ab -noapk com.android.providers.settings
Unpack your backup with Android Backup Extractor
Find the passwords in the file. apps/com.android.providers.settings/db/settings.db-->
On the Redmi models with MIUI 14+, Xiaomi added additional protection: Wi-Fi passwords are now tied to the SELinux context, and they can not be extracted even through ADB without special permissions.
5.Browsers: How Mi Browser and Chrome Store Passwords
If you use the standard Mi Browser browser, all saved passwords are stored locally in the folder:
/data/data/com.android.browser/databases/webview.db
But there's a catch: Mi Browser doesn't sync passwords to the cloud, so when you reset your phone, they'll be lost. Unlike it, Google Chrome defaults to logins in to Google Smart Lock if sync is enabled.
To manage saved passwords in Chrome:
- Open the browser and go to โฎ โ Settings โ Passwords.
- Click on the eye icon next to the password to view it (entering will be required). PIN-phone-code).
- For export, go to passwords.google.com and select Export Passwords.
Redmi with MIUI 13+ has a Secure Browser feature that blocks passwords from being saved for sites marked as โnot secure,โ which may create the illusion that the password is not saved when it is actually hidden in a secure storage.
How to enable hidden passwords in Mi Browser
6 Third-party password managers: KeePass, 1Password, Bitwarden
If you use third-party password storage apps (like KeePass, 1Password or Bitwarden), then the data is stored in their own encrypted containers. On Xiaomi Redmi, these apps can:
- ๐ Store a password database in a folder /sdcard/Android/data/[package_name]/files/ (rootless).
- ๐ Sync with the cloud (Dropbox, Google Drive, own cloud service).
- ๐ Use Android Keystore to protect your master password.
The main advantage of third-party managers is cross-platform, for example, the KeePass database in.kdbx format will open on both Windows and iOS, but there is a disadvantage: if you forget the master password, it will be impossible to restore access to data (unlike MIUI Password Manager, where you can reset your password through Mi Account).
On Redmi with MIUI, third-party password managers can conflict with system autocomplete.
- Open Settings โ Special. features โ Autocomplete.
- Turn off MIUI Autofill Service and select your password manager (e.g. Bitwarden).
- Reboot the phone.
๐ก
Password managers are more reliable than system ones, but they require discipline: without a regular database backup, you risk losing all logins when resetting your phone.
7 What to do if your phone is stolen or you forget your Mi Account password
Situation: Your Xiaomi Redmi was stolen, and MIUI Password Manager had passwords saved from banks, social networks and email.
Step 1. Revoke access to Mi Account:
- Go to account.xiaomi.com from another device.
- In the Devices section, find the stolen phone and delete it.
- Change the password from the Mi Account.
Step 2: Reset passwords from critical services:
- ๐ฆ Banks: Call support or use backup access codes.
- ๐ง Mail: Restore access via backup email or phone.
- ๐ Social networks: use the function "Forgot your password?" email/The phone must be different from the stolen device).
Step 3. Check the activity:
- On Google Account (myaccount.google.com/security) check out the latest logins.
- In banking applications, check the history of transactions.
- Enable two-factor authentication wherever possible.
โ ๏ธ Note: If the stolen phone was tied SIM-A password recovery card, call the operator immediately and block it, and attackers can use it to reset passwords from email or social media.
8 How to Delete All Passwords Before Selling Your Phone
If you are going to sell or give away your Xiaomi Redmi, it is not enough to simply reset your settings. Passwords may remain in the system due to the features of MIUI. Here is a step-by-step guide to complete cleaning:
- Untie Mi Account: Settings โ Xiaomi Account โ Sign out.
- Remove all saved passwords: Settings โ Passwords and Security โ Password Manager โ Delete everything.
- Clear Google Data: Settings โ Google โ Google Account Management โ Data and Personalization โ Delete Data (select โPasswordsโ).
- Reset settings: Settings โ About Phone โ Reset settings โ Erase all data.
- Reflash the phone (optional, for paranoids): Install clean firmware through the Mi Flash Tool (instructions on the official website).
After resetting, it is recommended to manually check that the passwords have actually been deleted:
- Connect your phone to Wi-Fi and try to log in to any app โ autocomplete doesnโt have to work.
- Check Settings โ Passwords and security โ the list of saved data should be empty.
If you are selling a MIUI phone, be sure to warn the buyer that the first sign-in to the Mi Account must be made from their account, otherwise the device may be blocked (a known problem with linking to the previous owner).