Google stores encrypted passwords. By default it uses your own Google Account password as part of the key to decrypt your other synced passwords. But you can change that and use a custom "sync passphrase". Once you're logged in your device can decrypt your passwords and compare them against databases of known compromised passwords. Google does not have access to your plain-text passwords in either case. More info: https://support.google.com/accounts/answer/6208650 https://security.googleblog.com/2020/10/new-password-protections-and-more-in... Regards, César On Fri, Jun 11, 2021 at 1:05 PM William Herrin <bill@herrin.us> wrote:
Howdy,
My gmail account prompted me today to change a compromised password. It wasn't compromised; it was an offline system where I intentionally used a generic password. But in the process...
It turns out that every password I allowed Chrome on Android to remember, it uploaded to Google. In plain text!! And it could prove it by displaying the plain text passwords for me on my laptop. And I can't turn the upload off!
To the google folks on here: Are you INSANE!?
Regards, Bill Herrin
-- William Herrin bill@herrin.us https://bill.herrin.us/