Google uploading your plain text passwords

Michael Thomas mike at mtcc.com
Fri Jun 11 17:27:17 UTC 2021


[sorry meant to send this to the list]

Isn't that what lots of password managers do? I understand that one of them
syncs point to point, but that has the downside that it probably needs to
be on the same subnet.

The actual problem here is that sites only allow a single password. if you
could enroll more than one password you wouldn't need to sync at all.
Better: use asymmetric keys and enroll public keys so the secret never
leaves your device.

Mike

On Fri, Jun 11, 2021 at 9:53 AM William Herrin <bill at herrin.us> wrote:

> On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> <ctassisf at gmail.com> wrote:
> > Google does not have access to your plain-text passwords in either case.
>
> If they can display the plain text passwords to me on my screen in a
> non-Google web browser then they have access to my plain text
> passwords. Everything else is semantics.
>
> Regards,
> Bill Herrin
>
>
> --
> William Herrin
> bill at herrin.us
> https://bill.herrin.us/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20210611/5ef959ab/attachment.html>


More information about the NANOG mailing list