I just got an email from Google letting me know that some passwords I saved in Chrome were leaked in a third-party breach.

Luckily, I had changed the passwords for KeePassXC long ago.

Does it mean that Google keeps my passwords in plaintext though?

I don't mean that they don't encrypt the data at rest. I mean that even if they do, they have access to the key to decrypt it and have access to my plaintext passwords at any point.

I don't like it.

@alxd
I generally assume that if Google runs it, they have access to everything it contains.

@alxd Seems fishy. They might be hashing them and then sending that hash off somewhere?

Not a good idea regardless.

@alxd I got this too, had the same thought... but it’s their cloud password manager, they have to have them available as plaintext one way or another, no?

@tynanpants If they want to make them readable in the web interface, yes. If they were decrypted only on the client, it'd be a different story.

@alxd Oh gosh, I hadn't even thought about sending the passwords over the wire. Wonder how they do it. Seems important! Haha
