nanog mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Google uploading your plain text passwords

From: César de Tassis Filho <ctassisf () gmail com>
Date: Fri, 11 Jun 2021 13:41:28 -0300
Google stores encrypted passwords. By default it uses your own Google
Account password as part of the key to decrypt your other synced passwords.
But you can change that and use a custom "sync passphrase".

Once you're logged in your device can decrypt your passwords and compare
them against databases of known compromised passwords.

Google does not have access to your plain-text passwords in either case.

More info:
https://support.google.com/accounts/answer/6208650
https://security.googleblog.com/2020/10/new-password-protections-and-more-in.html

Regards,
César

On Fri, Jun 11, 2021 at 1:05 PM William Herrin <bill () herrin us> wrote:


Howdy,

My gmail account prompted me today to change a compromised password.
It wasn't compromised; it was an offline system where I intentionally
used a generic password. But in the process...

It turns out that every password I allowed Chrome on Android to
remember, it uploaded to Google. In plain text!! And it could prove it
by displaying the plain text passwords for me on my laptop. And I
can't turn the upload off!

To the google folks on here: Are you INSANE!?

Regards,
Bill Herrin


--
William Herrin
bill () herrin us
https://bill.herrin.us/
Previous By Date Next
Previous By Thread Next

Current thread: