
Google Stores Your Old Passwords - Garbage
http://googlesystem.blogspot.com/2011/12/google-stores-your-old-passwords.html
======
denzil_correa
Doesn't quite make sense to me. Probably, they are just storing the hash.
Isn't it?

------
bradleyland
This is pretty common practice from a security standpoint. Many password
security policies deny you the ability to reuse past passwords.

It seems scary to the layman, but I'd imagine that Google is using secure,
non-reversible encryption on passwords, so it's a non-issue.

------
maytc
The end of the article, the post confirms that Google stores a hash of the
password. Very misleading from the title of the article.

------
tbassetto
When you change your Google account password, if you enter one of your
previous password you will see a warning like "You can't set a previous
password". That's right, impossible to set one of the password your used in
the past.

And Facebook does the same. I've already seen "You tried to use an old
password. It has been changed a few days ago.".

------
dchest
Nowhere in the quoted text it says that they store password. Account recovery
page doesn't ask for it. I think they just store the time of last password
change.

~~~
j_s
It may be possible to interpret the quoted text in the manner you specify, but
the article's author has clarified in the comments that the notice only
appears when an old password is entered.

quoted: "It looks like you've attempted to sign in using an old password."
(Specifically: not "an incorrect/wrong/invalid password", but "an old
password".)

comment on article: "Not true. The message is only displayed when you enter an
old password."

