I just got an email from Google letting me know that some passwords I saved in Chrome were leaked in a third-party breach.

Luckily, I had changed the passwords for KeePassXC long ago.

Does it mean that Google keeps my passwords in plaintext though?

#cybersec #cybersecurity #google #passwords #leak

@alxd It needs to be able to retrieve the original form of the passwords somehow. How would it otherwise be able to send it to websites that expect it? That's the modus operandi of all password managers, Google or not, encrypted or not.

@phoe But presumably it has a master password used to decrypt the blob? That shouldn't ever leave your browser session, should it? I.e., it shouldn't be stored persistently and shouldn't be sent to any servers. @alxd @kensanata


@edavies That's how it should work. Google seems to think otherwise.

