Google IT

Chrome Now Uses Duplex To Fix Your Stolen Passwords (techcrunch.com) 28

Google announced a new feature for its Chrome browser today that alerts you when one of your passwords has been compromised and then helps you automatically change your password with the help of... wait for it ... Google's Duplex technology. From a report: This new feature will start to roll out slowly to Chrome users on Android in the U.S. soon (with other countries following later), assuming they use Chrome's password-syncing feature. It's worth noting that this won't work for every site just yet. As a Google spokesperson told us, "the feature will initially work on a small number of apps and websites, including Twitter, but will expand to additional sites in the future."

Now you may remember Duplex as the somewhat controversial service that can call businesses for you to make hairdresser appointments or check opening times. Google introduced Duplex at its 2018 I/O developer conference and launched it to a wider audience in 2019. Since then, the team has chipped away at bringing Duplex to more tasks and brought it to the web, too. Now it's coming to Chrome to change your compromised passwords for you.

  • by Ostracus ( 1354233 ) on Tuesday May 18, 2021 @01:15PM (#61397342) Journal

    So basically Duplex is a digital assistant like what Apple's Knowledge Navigator wanted to be.

  • Google has to know my passwords, therefore they've been compromised... by Google.

    Screw Google with a broomstick. They sure ain't getting my passwords, and I'll take my chances with the other data thieves thank you very much.

    • Of course they know.

      I can reset my password with them and have access to my synced passwords. This is pretty duh IMO.

      Most (not all though) password sync options trade that security for convenience last I checked.

    • Re: (Score:3, Informative)

      > Google has to know my passwords, therefore they've been compromised... by Google.

      The better approach is, "if Google can tell if my passwords have been compromised, do they know my passwords?".

      That might lead you to discover k-anonymity:

      https://blog.cloudflare.com/va... [cloudflare.com]

      Instead, our approach adds an additional layer of security by utilising a mathematical property known as k-Anonymity and applying it to password hashes in the form of range queries. As such, the Pwned Passwords API service never gains en
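
The range-query idea in the quoted Cloudflare text, as an added example that is not part of the original comment and not Google's or Cloudflare's code: the client reveals only the first five hex characters of the password's SHA-1 digest, as the Pwned Passwords range API does, and matches the remainder locally. `RangeServer`, `breach_count`, the corpus and its counts are constructed for illustration.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex chars of the SHA-1 digest revealed to the server


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


class RangeServer:
    """Server side: breached hashes bucketed by their first PREFIX_LEN chars."""

    def __init__(self, hash_counts):
        self.buckets = defaultdict(dict)
        for digest, count in hash_counts.items():
            self.buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count
        self.seen = []  # everything the server ever learns from clients

    def query(self, prefix):
        if len(prefix) != PREFIX_LEN or set(prefix) - set("0123456789ABCDEF"):
            raise ValueError("expected %d uppercase hex chars" % PREFIX_LEN)
        self.seen.append(prefix)
        bucket = self.buckets.get(prefix, {})
        return "\n".join("%s:%d" % item for item in sorted(bucket.items()))


def breach_count(password, server):
    """Client side: send only the prefix, match the suffix locally."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    for line in server.query(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate == suffix:
            return int(count)
    return 0


def build_sample_server():
    # Constructed corpus: counts are made up, and the two decoy digests are
    # fabricated so that the bucket for "admin" holds more than one entry.
    corpus = {sha1_hex("admin"): 1000, sha1_hex("password"): 5000}
    admin_prefix = sha1_hex("admin")[:PREFIX_LEN]
    corpus[admin_prefix + "0" * 35] = 7
    corpus[admin_prefix + "F" * 35] = 3
    return RangeServer(corpus)


if __name__ == "__main__":
    server = build_sample_server()
    print(breach_count("admin", server), breach_count("not-in-corpus-9f2", server))
    print(server.seen)
```

The server's `seen` list holds only five-character prefixes, each of which matches every digest in that bucket, so it cannot tell which entry (if any) the client was checking.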

    • > Screw Google with a broomstick ...

      Nah, just fuck'em gently. With a chainsaw.

    • by Aubz ( 7986666 )
      Agree completely. Giving Google access to all of my passwords is giving the main enabler of the deep state access to my online life. Yeah, No, No, No. I actually use a LibreOffice spreadsheet rather than a password manager. A real pain in the ass but none of my passwords have been compromised yet. Touch wood.
  • ... could go wrong?
  • But the password manager does not work as well as it used to. The suggest strong password prompt does not always appear. The password does not seem to propagate among shared devices as well as it used to. So you end up going through reset password hell. It is great to know your password has been compromised, but again it is an issue of security versus usability.

    My concern is how long is it going to be before banks and the like use this against consumers. You were told your password was compromised. You d

    • I would need to have an online relationship with my bank for that to be a problem.

      They send me a statement in the mail every month. I have an ATM card, and they still maintain a driveup window even with the pandemic.

    • and we are not going to help you get it back

      They already said they wouldn't when they renamed "online bank robbery" to "identity theft"

  • by sinij ( 911942 ) on Tuesday May 18, 2021 @02:02PM (#61397474)
    What happens when they arbitrarily decide to terminate your service or even worse, hold it hostage until you provide more PII to them? There are cases where Google demanded to see scans of passports before lifting Google-wide bans.
    • I have migrated away from there being anything important on my gmail account. I am using more and more mobile software from F-Droid. I could log entirely out of Google fairly easily.

      For those who haven't explored this: export a copy of your contacts to local storage on your phone. If you disconnect from Google that is one of the most important things they take away.

    • by AmiMoJo ( 196126 )

      Your passwords are stored locally in Chrome and there is an export function. The exported passwords can be imported by Firefox.

      Having said that Google could do better. Make humans contactable when things go wrong, and if accounts are locked at least allow the owner to use the Takeout service to get their data.

    • > There are cases where Google demanded to see scans of passports before lifting Google-wide bans.

      You say this like it's a bad thing. I would like to see every company put at least this base level of verification in their service. Way to end SIM swapping fraud and banking fraud in one fell swoop.

      • by sinij ( 911942 )
        It is a bad thing, because they are not doing it for your protection, but to collect more information about you. First, they created a security hole by demanding cell phone number and making it a mandatory recovery mechanism, so SIM hijacking became possible. Then the solution, predictably, is to give up more and more PII to Google.

        For example, I had Gmail since invite-only which has strong unique password that I periodically change. I never provided Google with a phone number, yet they still regularly lock
  • False positives (Score:4, Insightful)

    by johnw ( 3725 ) on Tuesday May 18, 2021 @02:55PM (#61397614)

    Google keeps telling me that one of my passwords has been compromised. When I ask for details it gives me:

    Site: http://192.168.1.1/ [192.168.1.1]

    User: admin
    Password: admin

    I'm not sure that counts as a proper compromise. It certainly isn't one of my routers.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      > Google keeps telling me that one of my passwords has been compromised. When I ask for details it gives me:

      Only the one? You haven't seen the worst of Google's problems.

      I have 70 such compromised passwords on internal IPs.
      Yet when I scroll down the list to the first compromised one, click to show it just to check and make sure, enter my decryption password, then click to delete that entry and get it out of the list... that's when the list jumps to the top.

      It can take nearly 2 minutes to check each one.

      I'm proverbially 99% sure they are all blank or 'admin' or other defaults.
      But since it would take over two hou

    • Oh I'm so screwed! Google cracked my router! Thank God they attributed it to another Slashdot reader...! I guess I'm still safe.
  • ...a phishing scam. If you felt envious because only Windows users get those 'official Microsoft' calls from India & the Philippines to 'fix' your PC for you, now you can expect the same for Google's services. Nice move, Google.
  • I read TFA and still don't understand why Google needs to call my hairdresser to change my password?

  • Most people are probably giving Google enough of their information without blatantly passing their credentials as well. This becomes even more alarming with people using Google Authenticator and having a false 2FA sense of security.
  • you out.

    Seriously. A YouTube comment is all it takes to get locked out of your Google account forever.

    When only Google knows all of your passwords, you lose your entire online inventory, everything, in an instant, with no appeals process and no chance to get it back, as the recovery mail address is probably also under Google's control and therefore gone.

    One comment on YouTube is all it takes to get your online presence cancelled, remember that.

    Google is already scanning your personal Google Drive files and
