Re: Google uploading your plain text passwords

[Peter Beckman <beckman () angryox com>]

On Fri, 11 Jun 2021, William Herrin wrote:

> On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> <ctassisf () gmail com> wrote:
> > Google does not have access to your plain-text passwords in either case.
>
> If they can display the plain text passwords to me on my screen in a
> non-Google web browser then they have access to my plain text
> passwords. Everything else is semantics.

 Untrue. If you have a key on your computer, such as was mentioned that
 the Google key may be stored locally in the MacOS Keychain, and you unlock
 your MacOS Keychain with your local laptop login password, which is also
 stored on an encrypted disk volume, that does not mean those passwords
 have left your computer in plain text, or that Google has this key that
 lives in your keychain.

 I agree, if they do, that's terrible. But I haven't seen any evidence that
 they do.

 You can have multiple keys to encrypted data, and it is still stored in a
 cryptographically secure way, assuming it is implemented well, despite
 those multiple keys having the ability to decrypt your data.

 I use 1Password. There are multiple keys that can unlock the other key
 that can unlock my encrypted data. But just because I can see my passwords
 in the app, and that there is a mechanism/code that can do the same
 without the 1Password app to unlock and view my data, this does not mean
 that 1Password has my keys, nor access to all my passwords.

Beckman
---------------------------------------------------------------------------
Peter Beckman                                                  Internet Guy
beckman () angryox com                                 http://www.angryox.com/
---------------------------------------------------------------------------