Is Google exposing our old passwords?
Have you ever noticed Google telling you “your password was changed X days ago” when you type your old password? And how about when you type several old passwords and Google keeps telling you the same message? That’s the security feature to tell the users on Google Accounts interface they changed their password sometimes ago, when they type an old password. Google keeps telling you this even if you: 1) changed your password 3 months ago 2) type all your old passwords (at least mine) 3) access your account everyday several times a day The problem here is a brute force attack could expose passwords used by users before. If we consider there is a practice in which users have the same password for different services on the internet (and most of the time they have a pattern to create passwords, changing only one letter or number), the fact that an attacker can guess a...