I just got an email from Google letting me know that some passwords I saved in Chrome were leaked in a third party breach.

Luckily, I had changed the passwords for KeePassXC long ago.

Does it mean that Google keeps my passwords in plaintext though?

#cybersec #cybersecurity #google #passwords #leak

@alxd

Either that, or they obtained the list of exposed passwords, hashed them with whatever hashing method they use, then compare hashes against the ones that you've got saved.

A match=Compromised password.

That's how I'd do it if I were trying to protect my users without infringing on their privacy.

@GigaByte4711 Yeah, but Google Password Manager can show you your decrypted passwords online, even if they didn't leak. Google can decrypt them on their own server, that's the problem.

@alxd @GigaByte4711 look at it this way: you have no way of ascertaining they cannot.

So it's best to assume whatever you hand to such a service is not controlled by you anymore.

Follow

@fedops @alxd

"So it's best to assume whatever you hand to such a service is not controlled by you anymore."

Agreed.

I'm not sure how google hashes/encrypts those passwords, but obviously its not a one-way method. I reckon there's a chance that they use your google password (or another auth token) to encrypt your plaintext password, allowing you to decrypt it.

Again, we don't know, so we can't be sure.

Β· Β· Tusky Β· 0 Β· 0 Β· 1
Sign in to participate in the conversation
Whitespashe Mastodon

This is a mastodon instance that allows users to share ideas and participate in discussions.

Whitespashe is named after the Admins' first joint coding project, which replaced spaces within a Word document with non-printable characters.
This would preserve readability, but would fool plagiarism detection sites such as Turnitin.
This site was named after this project, as it represents a desire to create whilst simultaneously sticking it to the Man (or in this case, the hellscape that is Twitter).

We have a hidden service frontend running at: http://whtspshcehqg4nj4wqyiopjcfxradop7ujflycxum7wkfivewqt36zyd.onion

Our code of conduct and extended information can be found after the 'Learn More' link below!