On Fri, 11 Jun 2021, William Herrin wrote:
On Fri, Jun 11, 2021 at 9:42 AM César de Tassis Filho <ctassisf@gmail.com> wrote:
Google does not have access to your plain-text passwords in either case.
If they can display the plain text passwords to me on my screen in a non-Google web browser then they have access to my plain text passwords. Everything else is semantics.
Untrue. If you have a key on your computer, such as was mentioned that the Google key may be stored locally in the MacOS Keychain, and you unlock your MacOS Keychain with your local laptop login password, which is also stored on an encrypted disk volume, that does not mean those passwords have left your computer in plain text, or that Google has this key that lives in your keychain. I agree, if they do, that's terrible. But I haven't seen any evidence that they do. You can have multiple keys to encrypted data, and it is still stored in a cryptographically secure way, assuming it is implemented well, despite those multiple keys having the ability to decrypt your data. I use 1Password. There are multiple keys that can unlock the other key that can unlock my encrypted data. But just because I can see my passwords in the app, and that there is a mechanism/code that can do the same without the 1Password app to unlock and view my data, this does not mean that 1Password has my keys, nor access to all my passwords. Beckman --------------------------------------------------------------------------- Peter Beckman Internet Guy beckman@angryox.com http://www.angryox.com/ ---------------------------------------------------------------------------