Google Advised Me that OpenMR has Divulged My Password

JFRacing · January 26, 2021, 3:02pm

It must be true because Google was able to show me the password I was using on this site…

Heliosurge · January 26, 2021, 3:36pm

Strange. Is there a link for checking?

With the site having https and being upto date it should be secure.

If it can be determined how; I can report on Discourse Meta.

JFRacing · January 26, 2021, 4:07pm

It has to be a password you registered with Google. You go to Account Management (Google) and Security Checkup. This is where a report says that my OpenMR password was pirated. Maybe it was only my pw that was cracked. I don’t know.

Heliosurge · January 26, 2021, 4:20pm

Mine is stored in google as well. I can tell you as an admin I cannot view passwords of others as it is encrypted.

Just checked only showing some really old sites I no longer use. But no real specifics on what the issue is with them regarding passwords.

MarkD · January 26, 2021, 4:33pm

Mine is stored on Google as well.

If you registered the password with Google is that not how it knows?

Lol just checked and mine said 55 sites ‘Found in data breach’ but this one was not on the list. My gut feeling is it maybe its using general reports of breaches rather than specific accounts/passwords?

I was concerned Dominoes Pizza was the on the list - because if I get locked out of that I will starve

Heliosurge · January 26, 2021, 4:21pm

Very valid as I have had to check what a password is on some sites when auto sign in or using a different device.

JFRacing · January 26, 2021, 4:26pm

It knows your password of course since you registered it but I think that Google notifies you when they can find your password in the wild. Just a guess because I don’t know how it works.

NextGenVR · January 26, 2021, 4:50pm

Probably most likely scenario is that your password was involved in a data breach unrelated to OpenMR and its warning you that you’re using this password on OpenMR.

Ludiks · January 26, 2021, 5:22pm

I had a password security breach warning today also.
But I dont know where it came from, I mean what website got hacked and revealed password.

DrWilken · January 26, 2021, 6:21pm

Exactly… I’ve had this happen too.

JFRacing · January 26, 2021, 6:53pm

Maybe but I was using the same password for 2 other sites and the indication about pw being pirated was only on OpenMR. For the two other sites, it was only saying that the pw was also used somewhere else. I don’t know…

I made my passwords different everywhere now.

risa2000 · January 26, 2021, 11:34pm

You can check here: https://haveibeenpwned.com/
If you provide your user name you used for some online accounts (typically the email address), it will spit out the logins that were breached (and are now a public knowledge) together with the passwords you used .