On Fri, Jun 11, 2021 at 12:32 PM Peter Beckman <beckman@angryox.com> wrote:
On Fri, 11 Jun 2021, William Herrin wrote:

> On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho
> <ctassisf@gmail.com> wrote:
>> Google does not have access to your plain-text passwords in either case.
>
> If they can display the plain text passwords to me on my screen in a
> non-Google web browser then they have access to my plain text
> passwords. Everything else is semantics.

  Untrue. If you have a key on your computer, such as was mentioned that
  the Google key may be stored locally in the MacOS Keychain, and you unlock
  your MacOS Keychain with your local laptop login password, which is also
  stored on an encrypted disk volume, that does not mean those passwords
  have left your computer in plain text, or that Google has this key that
  lives in your keychain.

  I agree, if they do, that's terrible. But I haven't seen any evidence that
  they do.

However, if the password is entered on one device (Android device, for example, 
as mentioned in the original post), and then is visible in clear-text on a different 
browser on a different device (laptop, for example, again, from the original post),
then clearly the password has left the original device in a form which is reversible 
to the original clear text.  You can argue that it may be stored "in the cloud" in 
encrypted form; but it's clearly being stored in a manner which can be reversed 
to gain access to the original clear text, and using a key which is known to both 
devices involved, and to the cloud system validating that authentication.

This isn't about seeing the passwords in clear text on the same device 
upon which they were entered; this is about a *separate* device having 
visible access to the clear text of a password that was not entered via 
that device.

If the laptop had required Bill to enter a decryption key first in order to 
see the clear text, and that decryption key was one he had manually 
configured on both devices, stored only locally on each device, then 
you might be able to argue that the cloud never has visibility into the 
passwords; but if the keys are encrypted using a gmail login credential, 
which is itself stored and verified within the same cloud environment as 
the encrypted password strings it is protecting, then your two factor 
security has collapsed back down into a single point of compromise; 
compromise the google password, and you have access to all the 
passwords that were uploaded and stored in the system unbeknownst 
to the user.

That's the part that would leave me concerned. 
Having my email password compromised?  
That's a bit of a "meh" moment.
Suddenly discovering that one password now gave access to 
potentially all my financial accounts as well?  
That's a wake up in the night with cold sweats moment.  :(

Matt