I just got an email from Google letting me know that some passwords I saved in Chrome were leaked in a third party breach.

Luckily, I had changed the passwords for KeePassXC long ago.

Does it mean that Google keeps my passwords in plaintext though?

Follow

I don't mean that they don't encrypt the data at rest. I mean that even if they do, they have the access to the key to decrypt it and have access to my plaintext passwords at any point.

I don't like it.

· · Web · 3 · 0 · 1

@alxd
I generally assume that if Google runs it, they have access to everything it contains.

@alxd Seems fishy. They might be hashing them and then sending that hash off somewhere?

Not a good idea regardless.

@alxd I got this too, had the same thought... but it’s their cloud password manager, they have to have them available as plaintext one way or another, no?

@tynanpants if they want to make them readable in the web interface, yes. If they would be decrypted only on client, it'd be a different story.

@alxd Oh gosh, I hadn't even thought about sending the passwords over the wire. Wonder how they do it. Seems important! Haha

Sign in to participate in the conversation
Writing Exchange

A small, intentional community for poets, authors, and every kind of writer.