How does Google know all my passwords?

Discussion in 'IT & Internet' started by Ian J, Jan 27, 2020.

  1. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,537 1,626
    I rarely log in to my Google account but I did this morning and Google enquired whether I wanted a password check so I clicked on "yes"

    It checked my 55 saved passwords and said that I had 7 compromised passwords, 53 re-used passwords and 51 accounts using a weak password and listed all of the websites that had one or more of the above problems

    How the hell does Google know all of my passwords as I thought that they were supposed to be encrypted and should I be concerned?

    There are three sites with my wife's email address on where I assume that she used my computer to access and worryingly Google's list contains an icon by each to display the password
     
    Posted: Jan 27, 2020 By: Ian J Member since: Nov 6, 2004
    #1
  2. Mr D

    Mr D UKBF Legend Free Member

    19,087 2,211
    Is google storing your passwords? Or your computer and you have given google access?

    Its a good idea to practice password security and change them often. Much harder for someone to do something with a password you give out if its no longer used by you.
     
    Posted: Jan 27, 2020 By: Mr D Member since: Feb 12, 2017
    #2
  3. UKSBD

    UKSBD Not a real duck Staff Member

    9,544 1,799
    Posted: Jan 27, 2020 By: UKSBD Member since: Dec 30, 2005
    #3
  4. TotalWebSolutions

    TotalWebSolutions UKBF Ace Full Member - Verified Business

    2,615 615
    Are you using Chrome as your web browser? If so you'll have checked to save the passwords for each website at some point (an easy click when registering or logging in).
     
    Posted: Jan 27, 2020 By: TotalWebSolutions Member since: Sep 29, 2009
    #4
  5. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    5,537 1,626
    No. I have used Internet Explorer for many years and have recently moved to Edge.

    I do click the "save password" box on most sites but expected the browser to save them and not Google
     
    Posted: Jan 27, 2020 By: Ian J Member since: Nov 6, 2004
    #5
  6. UKSBD

    UKSBD Not a real duck Staff Member

    9,544 1,799
    Probably from a mobile or tablet that was signed in to your Google account (possibly without you even knowing it)
     
    Posted: Jan 27, 2020 By: UKSBD Member since: Dec 30, 2005
    #6
  7. gpietersz

    gpietersz UKBF Enthusiast Full Member

    630 124
    I think the most likely explanation is sync from a mobile device. If you are syncing across devices you might want to consider Firefox with a master password set up which will encrypt the stored passwords so only your devices can decrypt them.


    If you share a computer, even occasionally, use separate logins or have a guest login for other users to share. Some OSes have guest logins that are cleaned up (all data reset) on logout.
     
    Posted: Jan 27, 2020 By: gpietersz Member since: Sep 10, 2019
    #7
  8. fisicx

    fisicx It's Major Clanger! Staff Member

    31,583 9,280
    Google knows and remembers your history. It knows and remembers what you have typed.

    And because Edge now uses Chromium it means Google now has access to your Edge data.

    This is why I block everything and never use Chrome.
     
    Posted: Jan 27, 2020 By: fisicx Member since: Sep 12, 2006
    #8
  9. gpietersz

    gpietersz UKBF Enthusiast Full Member

    630 124
    @fisicx not sure about that, depends what MS has done with it. If they enable tracking of that sort I would expect them to send the info to them, not Google. They seem to have disabled/removed a lot of stuff: https://imgur.com/a/ixbEqfT

    A number of browsers designed for privacy are Chromium based too - SRWare Iron and Brave for a start. Chromium itself (the pure open source version, which I use as well as Firefox) does not send browsing information to Google. Good discussion of Chromium here https://www.reddit.com/r/privacy/comments/34tc2f/how_safe_is_chromium_privacy_wise/
     
    Posted: Jan 27, 2020 By: gpietersz Member since: Sep 10, 2019
    #9
  10. The Byre

    The Byre UKBF Ace Free Member

    9,374 3,727
    Passwords - don't save them! CALCULATE THEM!

    It's easier than you think. Use a key to multiply a number based on the first few letters of the site you are visiting and mix it with variable numbers that you can and are bound to remember.

    My passwords are usually about 20 letters and numbers long that appear random and jumbled up and I neither remember them nor do I write them down anywhere.
     
    Posted: Jan 27, 2020 By: The Byre Member since: Aug 13, 2013
    #10
  11. KAC

    KAC UKBF Ace Free Member

    1,105 251
    Sounds an interesting option.

    Can you give an example as to how it works? Not a real one of course :D
     
    Posted: Jan 27, 2020 By: KAC Member since: May 7, 2017
    #11
  12. Mr D

    Mr D UKBF Legend Free Member

    19,087 2,211
    Someone suggested a while back that people use say the last 10 digits of pi as a password.
    After all, who will bother to work it out before the undertakers arrive? :)
     
    Posted: Jan 27, 2020 By: Mr D Member since: Feb 12, 2017
    #12
  13. gpietersz

    gpietersz UKBF Enthusiast Full Member

    630 124
    There is software (both browser extensions and free standing) that will do it for you.
     
    Posted: Jan 27, 2020 By: gpietersz Member since: Sep 10, 2019
    #13
  14. KAC

    KAC UKBF Ace Free Member

    1,105 251
    ... but do I / should I trust them?
     
    Posted: Jan 27, 2020 By: KAC Member since: May 7, 2017
    #14
  15. The Byre

    The Byre UKBF Ace Free Member

    9,374 3,727
    No!
     
    Posted: Jan 27, 2020 By: The Byre Member since: Aug 13, 2013
    #15
  16. KAC

    KAC UKBF Ace Free Member

    1,105 251
    Exactly why I don't use them :cool:
     
    Posted: Jan 27, 2020 By: KAC Member since: May 7, 2017
    #16
  17. Nico Albrecht

    Nico Albrecht UKBF Enthusiast Full Member - Verified Business

    681 123
    As a side note from a forensic point:

    I can extract passwords entered by the user on various login screens using a Web browser. However, there are some restrictions:

    • The analysis works for Firefox, Chrome, Edge and Opera only. Safari and Internet Explorer are not really possible at the moment
    • If a user did not select to store their passwords, there is no way to extract them using browser analysis
    • For Opera, it is not possible to determine which of the saved fields was a login and which was a password, so I would need to guess, and I may guess incorrectly. The reason for that is that Opera stores its passwords in the random order and uses the site contents to determine what stored value should go to what field
     
    Posted: Jan 27, 2020 By: Nico Albrecht Member since: May 2, 2017
    #17
  18. SesO

    SesO UKBF Contributor Free Member

    39 4
    Hi,

    Are you asking your computer to store them so that it is easier for you to login next time you go online on your computer?

    Also, its better to have a different passwords and they should all include numbers and letters.
     
    Posted: Jan 27, 2020 By: SesO Member since: Nov 6, 2019
    #18
  19. alan1302

    alan1302 UKBF Enthusiast Free Member

    736 132
    No, that's not true
     
    Posted: Jan 27, 2020 By: alan1302 Member since: Jun 2, 2018
    #19
  20. patery

    patery UKBF Contributor Free Member

    30 7
    You signed all this data over to google when you signed up. Everything that happens on that browser they know about and for ease of access they store passwords. This is mainly because of cookies and other website data that google collect with your permission.

    Hope this helped
     
    Posted: Jan 27, 2020 By: patery Member since: Nov 23, 2019
    #20