Google uploading your plain text passwords

• Previous message (by thread): Google uploading your plain text passwords
• Next message (by thread): Google uploading your plain text passwords
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Google stores encrypted passwords. By default it uses your own Google
Account password as part of the key to decrypt your other synced passwords.
But you can change that and use a custom "sync passphrase".

Once you're logged in your device can decrypt your passwords and compare
them against databases of known compromised passwords.

Google does not have access to your plain-text passwords in either case.

More info:
https://support.google.com/accounts/answer/6208650
https://security.googleblog.com/2020/10/new-password-protections-and-more-in.html

Regards,
César

On Fri, Jun 11, 2021 at 1:05 PM William Herrin <bill at herrin.us> wrote:

> Howdy,
>
> My gmail account prompted me today to change a compromised password.
> It wasn't compromised; it was an offline system where I intentionally
> used a generic password. But in the process...
>
> It turns out that every password I allowed Chrome on Android to
> remember, it uploaded to Google. In plain text!! And it could prove it
> by displaying the plain text passwords for me on my laptop. And I
> can't turn the upload off!
>
> To the google folks on here: Are you INSANE!?
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210611/e7e9fbae/attachment.html>

• Previous message (by thread): Google uploading your plain text passwords
• Next message (by thread): Google uploading your plain text passwords
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]