It must be true because Google was able to show me the password I was using on this site…
Strange. Is there a link for checking?
With the site having https and being upto date it should be secure.
If it can be determined how; I can report on Discourse Meta.
It has to be a password you registered with Google. You go to Account Management (Google) and Security Checkup. This is where a report says that my OpenMR password was pirated. Maybe it was only my pw that was cracked. I don’t know.
Mine is stored in google as well. I can tell you as an admin I cannot view passwords of others as it is encrypted.
Just checked only showing some really old sites I no longer use. But no real specifics on what the issue is with them regarding passwords.
Mine is stored on Google as well.
If you registered the password with Google is that not how it knows?
Lol just checked and mine said 55 sites ‘Found in data breach’ but this one was not on the list. My gut feeling is it maybe its using general reports of breaches rather than specific accounts/passwords?
I was concerned Dominoes Pizza was the on the list - because if I get locked out of that I will starve
Very valid as I have had to check what a password is on some sites when auto sign in or using a different device.
It knows your password of course since you registered it but I think that Google notifies you when they can find your password in the wild. Just a guess because I don’t know how it works.
Probably most likely scenario is that your password was involved in a data breach unrelated to OpenMR and its warning you that you’re using this password on OpenMR.
I had a password security breach warning today also.
But I dont know where it came from, I mean what website got hacked and revealed password.
Exactly… I’ve had this happen too.
Maybe but I was using the same password for 2 other sites and the indication about pw being pirated was only on OpenMR. For the two other sites, it was only saying that the pw was also used somewhere else. I don’t know…
I made my passwords different everywhere now.
You can check here: https://haveibeenpwned.com/
If you provide your user name you used for some online accounts (typically the email address), it will spit out the logins that were breached (and are now a public knowledge) together with the passwords you used .