Google uploading your plain text passwords

Peter Beckman beckman at angryox.com
Fri Jun 11 19:30:12 UTC 2021


On Fri, 11 Jun 2021, William Herrin wrote:

> On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> <ctassisf at gmail.com> wrote:
>> Google does not have access to your plain-text passwords in either case.
>
> If they can display the plain text passwords to me on my screen in a
> non-Google web browser then they have access to my plain text
> passwords. Everything else is semantics.

  Untrue. If you have a key on your computer, such as was mentioned that
  the Google key may be stored locally in the MacOS Keychain, and you unlock
  your MacOS Keychain with your local laptop login password, which is also
  stored on an encrypted disk volume, that does not mean those passwords
  have left your computer in plain text, or that Google has this key that
  lives in your keychain.

  I agree, if they do, that's terrible. But I haven't seen any evidence that
  they do.

  You can have multiple keys to encrypted data, and it is still stored in a
  cryptographically secure way, assuming it is implemented well, despite
  those multiple keys having the ability to decrypt your data.

  I use 1Password. There are multiple keys that can unlock the other key
  that can unlock my encrypted data. But just because I can see my passwords
  in the app, and that there is a mechanism/code that can do the same
  without the 1Password app to unlock and view my data, this does not mean
  that 1Password has my keys, nor access to all my passwords.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman at angryox.com                                 http://www.angryox.com/
---------------------------------------------------------------------------
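
The "multiple keys that can unlock the other key" arrangement described in the message above, as an added example that is not part of the original post and is not Google's or 1Password's actual implementation: one random data key encrypts the secret, and each password only wraps a copy of that data key. The vault layout, the function names and the HMAC-based cipher (a standard-library stand-in for a real AEAD such as AES-GCM) are assumptions made for illustration.

```python
import hashlib, hmac, secrets

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real cipher such as AES.
    stream = b""
    for ctr in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    """Encrypt-then-MAC. Returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    return nonce + ct + hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or modified data")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def kek(password, salt):
    # Key-encryption key derived on the client; never stored in the vault.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def create_vault(secret, passwords):
    data_key = secrets.token_bytes(32)          # the one key that encrypts the data
    slots = []
    for pw in passwords:                        # one wrapped copy of data_key per unlock key
        salt = secrets.token_bytes(16)
        slots.append((salt, seal(kek(pw, salt), data_key)))
    return {"data": seal(data_key, secret), "slots": slots}   # stored form: ciphertext only

def unlock(vault, password):
    for salt, wrapped in vault["slots"]:
        try:
            data_key = unseal(kek(password, salt), wrapped)
        except ValueError:
            continue                            # this slot belongs to another key
        return unseal(data_key, vault["data"])
    raise ValueError("no key slot opens with this password")

if __name__ == "__main__":
    vault = create_vault(b"constructed sample secret", ["laptop login", "recovery phrase"])
    print(unlock(vault, "laptop login"), unlock(vault, "recovery phrase"))
```

The stored vault contains salts and ciphertext only; whoever holds it without one of the passwords has neither the data key nor the plaintext.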


More information about the NANOG mailing list