How does Google know all my passwords?

Discussion in 'IT & Internet' started by Ian J, Jan 27, 2020.

  1. patery

    patery UKBF Contributor Free Member

    30 7
    Yes, you should legally as long as you use a trusted company they do not store your data in a place where any hackers can get it easily even if they get into most of the company as these companies have security on the same levels as government related things (Usually better) They are more safe than any other method that you could try and imo are a necessity if you are serious about online security.
     
    Posted: Jan 27, 2020 By: patery Member since: Nov 23, 2019
    #21
  2. Craig Bird

    Craig Bird UKBF Regular Full Member

    105 10
     
    Posted: Jan 28, 2020 By: Craig Bird Member since: Feb 24, 2017
    #22
  3. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    6,169 2,035
    Yes but I assumed that whilst Microsoft may well have access to my passwords through my use of Internet Explorer I didn't realise that Google would too and I also assumed that IE would have stored them in an encrypted fashion too.

    It seems that if anyone hacks in to my little used Google account they also gain access to all my passwords but fortunately my bank and credit card accounts weren't included in the lengthy list of passwords
     
    Posted: Jan 28, 2020 By: Ian J Member since: Nov 6, 2004
    #23
  4. The Byre

    The Byre UKBF Legend Full Member

    10,222 4,220
    Medium security - Take a series of numbers - anything will do. NI number, your secret lover's telephone number, an old bank account number, whatever. Give it a letter. Your lover is L, the bank is B, the NI number is N. Now take the first three or four letters of the site you are visiting. If it is an email provider and the name is Gmail, break up the numbers into blocks and place the letter that comes after the letter in the alphabet between those blocks. Now all you have to remember is the order in which those blocks come - LBN, NBL, BNL, etc.

    So if we want to go to Gmail and our Lover has the tel.no. 12345678 and our Bank is 87654321 and our access code is BL, then the password is simply 8765h4321n1234b5678.

    You can, of course, vary that and make the blocks of different lengths and go for two or three letters between blocks. All you have to remember is the order NL or whatever turns you on. Once you get used to it, it is a remarkably quick and easy way to have a decent password and 28.7-times better than handing over your security to Google.
     
    Posted: Jan 28, 2020 By: The Byre Member since: Aug 13, 2013
    #24
  5. UKSBD

    UKSBD Not a real duck Staff Member

    10,170 1,995
    The problem is, that's all irrelevant if when entering that password anywhere you are signed in to your Google account and inadvertently tick a box saying save this password for next time you login to this site. Which is really easy to do without even knowing you have (especially on a mobile)
     
    Posted: Jan 28, 2020 By: UKSBD Member since: Dec 30, 2005
    #25
  6. The Byre

    The Byre UKBF Legend Full Member

    10,222 4,220
    Old German saying - "Mit der Dummheit kämpfen Götter selbst vergebens!" (Against stupidity, the gods themselves do battle in vain!)
     
    Posted: Jan 28, 2020 By: The Byre Member since: Aug 13, 2013
    #26
  7. UKSBD

    UKSBD Not a real duck Staff Member

    10,170 1,995
    Others would disagree.

    There are numerous sites where I save my login details or stay logged in.

    I just make sure that I use different passwords on different sites and only save the login details on sites that aren't important
     
    Posted: Jan 28, 2020 By: UKSBD Member since: Dec 30, 2005
    #27
  8. alan1302

    alan1302 UKBF Ace Free Member

    1,635 301
    The only way Google will know your passwords would be for you to have allowed them to. Using Internet Explorer or Edge would not give Google that access so you must have done it at one time elsewhere. Maybe on a mobile phone and used Chrome?
     
    Posted: Jan 28, 2020 By: alan1302 Member since: Jun 2, 2018
    #28
  9. JEREMY HAWKE

    JEREMY HAWKE UKBF Legend Full Member

    5,169 1,764
    @Ian J I think the Russians are on to you :confused::eek:
     
    Posted: Jan 28, 2020 By: JEREMY HAWKE Member since: Mar 4, 2008
    #29
  10. UKSBD

    UKSBD Not a real duck Staff Member

    10,170 1,995
    Following on from this post

    Just checked my history for this morning alone and I've been to at least 10 websites where I was either already logged in to or my login details were remembered.

    The thought of having to sign in and re-enter a password every time would drive me mad.
     
    Posted: Jan 28, 2020 By: UKSBD Member since: Dec 30, 2005
    #30
  11. Ian J

    Ian J Factoring Specialist Full Member - Verified Business

    6,169 2,035
    They aren't going to learn much about me from the boring sites that I visit - this one excepted of course
     
    Posted: Jan 28, 2020 By: Ian J Member since: Nov 6, 2004
    #31
  12. Mr D

    Mr D UKBF Legend Free Member

    24,305 2,949
    Depends how much security you want.

    To be secure you use separate logins for each site and you change all passwords regularly.

    Many appear to use one password for all things, never change it - then give it away to someone.
     
    Posted: Jan 28, 2020 By: Mr D Member since: Feb 12, 2017
    #32
  13. UKSBD

    UKSBD Not a real duck Staff Member

    10,170 1,995
    The only time I've changed my password here was when I logged out once but then couldn't remember it when trying to log back in.
     
    Posted: Jan 28, 2020 By: UKSBD Member since: Dec 30, 2005
    #33
  14. gpietersz

    gpietersz UKBF Ace Full Member

    1,410 333
    If they are open source and sufficiently widely used that people are likely to have looked at the source, yes.

    @Nico Albrecht how? Have you written this up? Can you do it without access to the users computer or having first compromised it in some way?
     
    Posted: Jan 28, 2020 By: gpietersz Member since: Sep 10, 2019
    #34
  15. Nico Albrecht

    Nico Albrecht UKBF Enthusiast Full Member - Verified Business

    829 168
    No need to compromise the computer first, encrypted local browser data is not that hard to gain access to. Access to the user computer helps quite a bit. But don't be fooled that any encrypted browser password in firefox will hold up much. Next vulnerability is live ram data extraction, as long as the OS doesn't encrypted the ram content this would open up another angle of attack for any 3rd party tool.
     
    Last edited: Jan 28, 2020
    Posted: Jan 28, 2020 By: Nico Albrecht Member since: May 2, 2017
    #35
  16. gpietersz

    gpietersz UKBF Ace Full Member

    1,410 333
    @Nico Albrecht that surprises me. I have not read of any Firefox password manager vulnerability apart from the master password bypass one! Can you tell me any more?

    That said, I always felt standalone password managers were a better bet.
     
    Posted: Jan 28, 2020 By: gpietersz Member since: Sep 10, 2019
    #36
  17. DontAsk

    DontAsk UKBF Ace Free Member

    1,531 228
    I use something similar but then it breaks down when you find a site that stupidly insists on a special character such as '$'. Other sites disallow special characters. There's no one system that fits all.
     
    Posted: Jan 28, 2020 By: DontAsk Member since: Jan 7, 2015
    #37
  18. The Byre

    The Byre UKBF Legend Full Member

    10,222 4,220
    I've experienced the same problem and use 8765h4321-n-1234b5678 or similar, but one has to write that down somewhere and only for extreme and unavoidable cases - otherwise, I avoid daft password stipulations. You want my custom, you use my PW system.
     
    Posted: Jan 28, 2020 By: The Byre Member since: Aug 13, 2013
    #38
  19. Nico Albrecht

    Nico Albrecht UKBF Enthusiast Full Member - Verified Business

    829 168
    To make it short the password complexity is almost irrelevant as it is a single point of failure once compromised. If Ian is concerned about passwords that could float around in a google data centre or a 3rd party gained access 2 factor authentication protection is the only viable option.

    Creating complex passwords is as safe as creating none complex ones and a lot of stuff from the early 00's such as changing password on a regular base is actually considered not very good practice anymore and has a higher risk. A password is safe until it is considered compromised, the complexity doesn't matter. With many website only allowing a few wrong password before you get blocked anyway the complexity of passwords is even less relevant.

    Secure your critical accounts with either geo tagging or 2 factor authentication.

    The biggest risk with entering passwords on websites is either on your computer by 3rd party elevated software such as antivirus or browser extension monitoring data and transferring it back. Free avast and avg are know to send your visited websites back to them. Also anti virus solutions run with elevated privileges they can easily access restricted browser caches and ram content.

    Next risk is the website saving your password can be compromised in many ways.

    No, this is R&D + business secrets but there are tons of good articles on the web explaining it in detail how it can be done.
     
    Posted: Jan 28, 2020 By: Nico Albrecht Member since: May 2, 2017
    #39
  20. Mjay

    Mjay UKBF Newcomer Free Member

    1 0
    If you're using Google Chrome and registered/logged in on a website, a pop-up appears on the top giving you the option to "save" the password or "never". It's possible that you selected "save" hence, all your passwords being saved.
    Hope that helped.
     
    Posted: Aug 16, 2020 By: Mjay Member since: Aug 16, 2020
    #40