Kitz Forum

Internet => General Internet => Topic started by: Chrysalis on June 01, 2021, 04:16:37 PM

Title: the extent of data harvesting, google
Post by: Chrysalis on June 01, 2021, 04:16:37 PM
So I recently enabled the saved passwords feature on one of my phones.  I saved two passwords.

Today I got an email saying Google has detected where my account is compromised on site breaches, and after logging in to Google I have a list of websites where my account is compromised.

It includes a lot of UK companies, I expect they all haven't been breached but rather what's happened is this is a user/password combo I used commonly before I started using a password manager, and then some tool has been used to detect which websites it works on.

This is useful info from Google but the bit I really didn't like is that Google has added all these sites with the username/password to my saved password list on my Google account, as if it has gone out harvesting for data to add.

I am not sure though, but here is the count.

145 exposed passwords, according to Google these were revealed in data breaches, it includes sites like argos, ebuyer game uk and iceland.
Below this it has a bigger list of where it has been detected the use of the same password/combo of 206 sites, presumably this suggests that the 145 have been breached and the extra 60 or so are just detected to use the same combo.

---

It's old data, a lot of the sites I don't use that password anymore, I also noticed in cases if they got the username wrong, if I tried to change the username on Google's records it reports it's already in use on that site, as if it has their database.

---

Still sifting through the data, it's harvested over 400 outdated passwords in total, many also from LAN IPs so it must have imported back from when I was using Chrome without permission (browser was never logged into Google account).  They are as bad as Facebook.
Title: Re: the extent of data harvesting, google
Post by: aesmith on June 16, 2021, 04:35:19 PM
I definitely don't like the idea of some Google robot trying any of my credentials to see what sites they work on.  Were these tests all done using the two passwords you saved on your phone?  I suppose it's a big disadvantage of simple password managers that their saved passwords can be decrypted to clear text.  Ideally you'd want some master password or key without which they can't be decrypted.
Title: Re: the extent of data harvesting, google
Post by: Alex Atkin UK on June 16, 2021, 10:13:44 PM
Last I checked Google Chrome would show your passwords to anyone who could access your PC, no questions asked.  It's one reason I never saved passwords on it vs Firefox where you can set a master password which has to be provided before your passwords are accessible and also must be entered again if you want to view them at any point.
Title: Re: the extent of data harvesting, google
Post by: Chrysalis on June 17, 2021, 04:05:23 AM
> I definitely don't like the idea of some Google robot trying any of my credentials to see what sites they work on.  Were these tests all done using the two passwords you saved on your phone?  I suppose it's a big disadvantage of simple password managers that their saved passwords can be decrypted to clear text.  Ideally you'd want some master password or key without which they can't be decrypted.

The two new passwords on the phone were unique strong passwords, but I in the past did things badly and hence on some sites I have been registered on for a decade+ I was using a common password.
Title: Re: the extent of data harvesting, google
Post by: tubaman on June 17, 2021, 10:45:44 AM
> Last I checked Google Chrome would show your passwords to anyone who could access your PC, no questions asked.  It's one reason I never saved passwords on it vs Firefox where you can set a master password which has to be provided before your passwords are accessible and also must be entered again if you want to view them at any point.

On my PC Chrome asks for my Windows credentials before showing any stored passwords.
 :)
Title: Re: the extent of data harvesting, google
Post by: Alex Atkin UK on June 17, 2021, 05:52:03 PM
> On my PC Chrome asks for my Windows credentials before showing any stored passwords.
>  :)

Nice that they've finally fixed it then, it was an issue for a long long time.