I got a warning that I am using 57 “unsichere Passwörter”, and that several of them are used multiple times. Furthermore, that 0 of them are compromised.
So, what the hell are you doing? Compiling a list of my passwords, just to make it easy for malware to grab that list? And how did you find out that they were not compromised? For doing so, you need to either transmit all my login names to some server somewhere (how is that safe?) and transmit passwords back? Or are they at least hashed? Is the connection safe?
Next thing, that particular window just has a white page icon. No title text, nothing. Every other program uses window titles.
So please stop compiling lists of my accounts. Immediately.
Avast isn’t compiling your passwords in any way.
It just checks how many you have stored and if they are “secure”.
After doing so it shows you an ad for avast passwords.
And how does the check work that tries to indicate that the login credentials may be compromised?
If nothing is transmitted and referenced to databases with previously leaked login credentials (those recently surfaced login credential lists from hacked services), then the check just can’t work. I have searched on avast.com for information about your “datenschutzerklärung”. I didn’t find it (however I found a privacy policy… which is not the same thing. First of all, the datenschutzerklärung needs to be in German).
And in order to find out that there are “57 unsichere Passwörter”, avast has to read all of them and do a basic check like “are numbers or special characters used” and how long it is. Which is not bad, just to show the user that there is something unsafe going on.
Reason why I don’t like that behavior it showed just now: I value privacy and I consider even a list of my accounts somewhere as a violation of that privacy (even without the passwords). And I see a virus scanner as part of the defense against a privacy violation. It should not actively violate it more than necessary to get the job done.
I agree with this. The Password component is not even installed. This is my private information.
Avast has crossed a line here. Since a password manager is not installed this is not in their purview,
as far as I’m concerned.
Bob, I’m not under any illusion about that. I know malware could strike and that info could all be stolen.
But that’s malware, if I’m unlucky enough to get caught. I would expect that, and more.
I don’t expect avast to go rummaging around in there, they should have asked for my permission first.
Just because they can do it, doesn’t mean they should.
Did avast download all the info and store it on their servers? Or did they just check it for password quality
in an attempt to sell me their Password product?
People seem to forget that about(?) all AV vendors are checking the passwords.
How else can they publish lists with the most used, shortest, longest passwords etc.
Most (if not all) others just don’t tell you that you have insecure passwords.
Be glad that avast does check and tell you.
Let it be a wake-up call to use stronger passwords so there will be more security.
I would like to clarify one thing: Avast is not sending your passwords anywhere.
We have our own database of leaked accounts (without passwords). To check if any of your accounts was leaked, we are comparing your username and website (not password!) with our database. If we find a match, we notify you so that you can go to the website and change your passwords.
We believe that this (free!) functionality is very important in the current digital age and we hope that you will find it valuable.
Besides, my German friend - tests for “unsichere Passwörter” are quite easy, safe passwords have a minimum of length and a good mixture of characters, numbers and others like slash etc.
At least the length can be checked in encrypted form.
Likely it’s comparing the hashes of the stored passwords. If two hashes match then it knows you have a duplicate, without actually reading the password.
Even if they compare passwords directly, it’s done locally on your computer only. As far as I know avast! caches passwords locally, remote server is only for transfer between clients. Or am I wrong here and it’s like LastPass where you can force it to fetch every request from server and nothing is stored locally?
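
An added example, not Avast's code and not written by anyone in this thread: a local audit in the shape the replies above describe, with a length and character-mix check, duplicate detection by comparing keyed hashes, and a leaked-account lookup on username and website only. The thresholds, function names, sample accounts and the assumption that the leak list is available locally are all made up for illustration.

```python
import hashlib
import hmac
import os
import string
from collections import Counter

# Constructed sample data: (site, username, password). Not real accounts.
STORED = [
    ("shop.example", "alice@example.org", "summer2019"),
    ("mail.example", "alice@example.org", "summer2019"),
    ("bank.example", "alice", "T7#qLw9!vRz2$Kp"),
    ("forum.example", "alice_f", "hunter2"),
]
# Constructed leak list: (site, username) pairs only, no passwords.
LEAKED_ACCOUNTS = {("forum.example", "alice_f"), ("news.example", "bob")}

MIN_LENGTH = 12   # assumed threshold
MIN_CLASSES = 3   # assumed threshold


def is_weak(password):
    """Length plus character-mix check, as described in the thread."""
    classes = [
        any(c in string.ascii_lowercase for c in password),
        any(c in string.ascii_uppercase for c in password),
        any(c in string.digits for c in password),
        any(c in string.punctuation for c in password),
    ]
    return len(password) < MIN_LENGTH or sum(classes) < MIN_CLASSES


def audit(stored, leaked_accounts):
    """Return counts only; no network call, nothing written to disk."""
    # Per-run random key: the digests cannot be matched against
    # precomputed hash tables or reused after this process exits.
    key = os.urandom(32)
    digests = [
        hmac.new(key, pw.encode("utf-8"), hashlib.sha256).digest()
        for _, _, pw in stored
    ]
    seen = Counter(digests)
    return {
        "weak": sum(is_weak(pw) for _, _, pw in stored),
        "reused": sum(1 for d in digests if seen[d] > 1),
        "leaked": sum((s, u) in leaked_accounts for s, u, _ in stored),
    }
```

The strength check still has to read each plaintext password in memory; only the duplicate comparison and the leak lookup can work on digests or on username and site alone.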