Password logging

I accidentally input my email password into my WiFi password slot, and I want to know whether it is possible that the internet service provider receives (and possibly logs) this information. I did this through desktop Linux.

Likewise, I often use the wrong password when signing into various accounts. I wonder if there is a technology which prevents the possibility of the false passwords being saved by the site I am trying to log into.

You should rotate any passwords you send off to services they aren’t for.

I wonder if there is a technology which prevents the possibility

You should be using a password manager that autofills for you. These check what service you’re on before filling.

5 Likes

You should really use a password manager to prevent this from ever happening, but just for completeness' sake: Using 2FA on all your accounts can also help here, at least as an additional security mechanism. 2FA is often implemented as TOTP, so even if you send a valid OTP to the wrong server, it will become invalid after a short while automatically.

Again, of course, what @SkewedZeppelin said is important: if you give a password to anyone that should not know that password (e.g. by sending it to the wrong server), consider it burned. Even if that other entity does not know what this password is used for by you, or that it even is a password that you use for something, you should change it and never use it again in the future.

6 Likes

Thanks for the feedback. Though I should mention, I am aware of the standard recommendations for password management. It’s just this one password is memory-based and I spent some time figuring out something long which I would not forget. I know it is recommended to switch out passwords, but for the thing which unlocks my disks I think changing the password is a bad idea - I cannot see how its security advantage would outweigh the risk of forgetting it.

But I post it wondering if there is a standard protection of password input, a protocol like TLS which makes passwords unreadable by servers unless they are the correct one. If this was the case, I would not consider it urgent to change this password.

Sure, there are some things like that, actually making passwords completely unreadable for the server, even if it is the correct one, for example: Secure Remote Password protocol (Wikipedia). Off the top of my head, 1Password and Proton both claim to use that for their login (as well as other security protections). Stuff like SRP and other more modern PAKEs are really cool technology, but ultimately it depends on the server if it employs it, and even if it does, it’s hard to know if they did so correctly. They are standards but not used as ubiquitously as something like TLS.

You should definitely assume the passwords you enter on a random website are sent to the server as-is. SRP is virtually never used outside of E2EE-focused apps like Proton Mail, and doesn’t protect you against actively malicious websites anyways of course.

2 Likes

This issue is finally making me see the point of using a password manager instead of a document with all my passwords in it. But this would necessitate the use of an extension, which conflicts with the privacyguides browsing recommendation.

I am curious what people do to resolve this conflict?

(and I made a new thread on the topic)

[What is your desktop browser setup?]

People who decide the risk is worth the convenience use the extension, people who decide it isn’t simply copy/paste from their password manager app.

The main point of having fewer extensions is to decrease browser fingerprint metrics. It’s kind of nice to have. If you are concerned about fingerprinting, it’s a rabbit hole.
Another issue is not to share sensitive info with an extension, which is not applicable for password managers since you already trust these companies with your passwords.