I can open my Gmail account from my browser and can log in to various sites using my Google account, without inputting my password.
Where is it stored?
It's not in the password manager that stores my other passwords.
So where is it?
Logged into Chrome?
I've checked my sofa...and it isn't there...
It's not sending your password via the browser when you move to other Google products. There's one overall Google account, so when you log in to Gmail you're also logging in to Youtube, Search, Maps, etc etc etc
Where's your Gmail password stored? That's your answer. Once logged in, Google keeps track of the authentication and doesn't need to log you in as such every time you move to a different site.
Edit: Also applies to non-Google sites using Google authentication for log in.
At a guess I would say that Google have it somewhere nice and safe, it will be salted and hashed (one way encryption). If you are logging into other sites then they are probably using OAuth.
OAuth:
OAuth, or open authorization, is a widely adopted authorization framework that allows you to consent to an application interacting with another on your behalf without having to reveal your password. It does this by providing access tokens to third-party services without exposing user credentials.
Where’s your Gmail password stored? That’s your answer.
That's the thing though. I am logged into Chrome, can move to Gmail or Youtube and stay logged in.
But in the Chrome password manager there is no password stored for any of my Google stuff.
The reason I want it, is I am having problems with my Gmail account in Outlook, on one of my PCs. It's fine on the others, so I don't want to reset the password, as it will be a pain updating the others as well.
The fact your are not logging out of Google when finished is the biggest worry.
A browser with free access to your email is a massive security risk should one of the devices be lost or stolen.
A browser with free access to your email is a massive security risk should one of the devices be lost or stolen.
They would still have to log in to Windows.
In Chrome, go to: Settings / Autofill and Passwords / Google Password Manager.
You'll need to retype your login password to view any passwords.
n Chrome, go to: Settings / Autofill and Passwords / Google Password Manager.
It's not there. All my others are but not my Google password.
A word of warning. If you actually get logged out and need to use it, but can't remember it you may well be stuffed.
A few years ago I screwed up badly when I changed laptops, I can't remember the details but although I still had access to my emails via Thunderbird I couldn't actually find my Google password anywhere. I tried going through the Google Reset password process and ended up in a never ending loop and I just couldn't do it.
By good luck I still had contact with a chap who worked in my team many years ago for his work experience education and is now a pretty senior exec within Google. He fixed it for me. Without him I'd have been stuffed.
But in the Chrome password manager there is no password stored for any of my Google stuff.
Well it'd be a bit pointless because without being logged into Google, you can't use the password manager so it all becomes a bit of a circular problem. It's the one password you need to keep in a different place, maybe a locked folder on Microsoft OneDrive.
The fact your are not logging out of Google when finished is the biggest worry.
Do you honestly sign out of your e-mail, including on your phone every time you finish looking at e-mail? Blimey, that's bonkers level of digital paranoia.
Is it auto-filling into a password field (as ****) and then you press "log in"?
If so, it's stored in the password manager.
If not, if you just go there and are automagically logged in, it's not stored somewhere (well it is, kind of, but not like you mean). The fact you are authenticated in all those services is stored. If you log out, you'll need the password again to log back in on the device you log out on.
I had this a couple of weeks ago when I got a new phone. I just logged into my old phone using fingerprint and my laptop using a passcode so I had no idea of the central Google password for "me".
Took bloody ages of going around in circles to resolve it and I can't actually remember how I did it cos I'm still traumatised from the whole process.
Had my old phone, new phone and laptop all pinging away with Google alerts of new logins. 🙄
My Google password in in my Google Password Manager.
Where is it stored?
I suspect it isn't. Rather, it knows that your device is trusted. It's not sending a password to those other services, it's passing a key.
my Gmail account in Outlook
Why would you want to do that in the first place? Gmail has a perfectly serviceable web client.
Authentication cookies in your browser cookie store? When you authenticate on a Google site the salted hashed password is transmitted to Google auth servers and the server replies with an authentication cookie signifying your logged-in identity. This cookie is sent with subsequent requests to Google servers from your browser, and is the thing which signifies that you are “logged in” on that browser.
Why would you want to do that in the first place? Gmail has a perfectly serviceable web client.
I prefer Outlook tbf.
So when you login to Google for the first time using Chrome I expect there's an option to basically say "keep me logged in", like the one on the STW login page. Or it just remembers you automatically.
Effectively it will place a cookie in your browser with a unique identifier so it knows who you are going forward. So your browser doesn't remember and auto-fill your password. Instead you access a Google website/service, it checks for the cookie and says, ah ok it's gobochul, crack on.
Edit: what zomg said 😁
Mine's in my google password manager. I need my google password to access it though 🙂
what does the little person icon top right of the browser say when you click it? thats the logged in google account.
I'd probably log out of there, then log back in again on the affected device.
I think zomg and geomickb have it. After you have logged into Google and used 2FA etc then Google stores a token in that browser for use in future authentications rather than your password. I believe that is locked to that browser and user and should normally have some sort of expiry time. Stealing these tokens is an alternative to finding your password which is why they are meant to be locked to the user/browser so they aren't of use outside of that space
what does the little person icon top right of the browser say when you click it? thats the logged in google account.
Here:
This is where it's stored. You are accessing Youtube through this profile:
https://myaccount.google.com/security?hl=en
A few years ago I screwed up badly when I changed laptops, I can’t remember the details but although I still had access to my emails via Thunderbird I couldn’t actually find my Google password anywhere. I tried going through the Google Reset password process and ended up in a never ending loop and I just couldn’t do it.
This happened to me. Was logged in on a browser I could still access, but one day it just wouldn't accept my password (or id changed it and forgotten it). Tried logging in elsewhere and couldn't, tried resetting my password via the browser I was logged in on but that brought up another password prompt so couldn't get past it.
Tried every password reset option they had including answering the memorable questions and using my phone as 2 factor authentication, which I did have set up already, but basically it got stuck in a loop of not allowing me to reset it.
Had to set a new account up and painstakingly forward every important email and document I had in the account via the browser I was still able to access.
No idea why the password reset kept getting stuck.
A browser with free access to your email is a massive security risk should one of the devices be lost or stolen.
Unless you’re Ethan Hunt then you’re not getting into my devices.
Well it’d be a bit pointless because without being logged into Google, you can’t use the password manager so it all becomes a bit of a circular problem. It’s the one password you need to keep in a different place, maybe a locked folder on Microsoft OneDrive.
I’ve got an anonymous notebook stuck away with a whole bunch of passwords and usernames in from years ago, because for some reason a password will sometimes just not work properly in my keychain, so it’s comforting to know I’ve got hard copies stashed away somewhere.
Tried every password reset option they had including answering the memorable questions
I had a situation like that a while back, suddenly had an issue, and it refused to accept the memorable answers I’d written down ages before, and had never changed, because why would you? Sorted it eventually, but I can’t remember how. 🤷🏼
A few people have covered this but in simple terms, you Google account password isn't stored anywhere, ever, unless you've told a password manager to store it specifically.
This is a bit simplified but...
When you set it originally, it was run through a computing process that produced a long, complex bit of data. That was then stored, not your password (it's called a hash). That process only works one way, you can't reverse it to get back to the password (without a huge amount of computing power).
When you log in to Google, it takes your password and runs it through the computing process again. It then compares the result to the stored hash.
As others have said, a token is then stored on your device that identifies you to various sites and services. This is how it knows who you are when you go from Gmail to YouTube to other sites.