by babelfish 1839 days ago
I have a friend who works at G who told me that shortly after he started working there, he accidentally typed some portion of his password into another website, at which point his laptop immediately locked down and he was forced to change his password before doing anything else.

Are you implying Google had his password stored in reversible form?
This is what OP is talking about:

https://chrome.google.com/webstore/detail/password-alert/noo...

And yes, it does store a hash of the password on the local machine, although I suspect it's only a 32-bit hash or something so you can't 'crack' it to recover the original password.

Nothing about the comment that you replied to would require them to store their password in "reversible form".
> some portion of his password

Doing a partial string match on a password would effectively require it in reversible form. Even if you hashed all the possible substrings of the password, it would be trivial to brute force given all the hashes of the same string with one extra character on the end...

But OP was mistaken - the tool Google uses only alerts if the entire password is typed. Meaning that OP's friend was careless with password hygiene. As is nearly every new Google employee.

Maybe they keylog and incrementally hash everything including password subset? Seems implausible.
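
Added example, not part of the thread and not Google's or the extension's code: a sketch of the design the comments above describe, where only a salt, the password length and a truncated hash are stored, so an alert fires on the full password and never on a fragment. The class and function names, the use of SHA-256, the 32-bit width (the thread's guess) and all sample values are assumptions.

```python
import hashlib
from typing import List

HASH_BITS = 32  # width guessed in the thread; an assumption, not a confirmed value


def truncated_hash(salt: bytes, text: str, bits: int = HASH_BITS) -> int:
    """Salted SHA-256 of `text`, keeping only the top `bits` bits."""
    digest = hashlib.sha256(salt + text.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)


class FullPasswordDetector:
    """Hypothetical detector: stores salt, length and a truncated hash only."""

    def __init__(self, password: str, salt: bytes, bits: int = HASH_BITS):
        self.salt, self.bits = salt, bits
        self.length = len(password)
        self.tag = truncated_hash(salt, password, bits)
        self.window = ""

    def on_key(self, ch: str) -> bool:
        """Feed one character; True only if the last `length` chars match."""
        self.window = (self.window + ch)[-self.length:]
        if len(self.window) < self.length:
            return False  # a shorter fragment is never even hashed
        return truncated_hash(self.salt, self.window, self.bits) == self.tag

    def scan(self, typed: str) -> List[int]:
        """Indexes in `typed` at which an alert would fire."""
        self.window = ""
        return [i for i, ch in enumerate(typed) if self.on_key(ch)]


def colliding_candidates(detector: FullPasswordDetector, n: int) -> int:
    """Count constructed same-length digit strings that share the stored tag."""
    fmt = "{:0" + str(detector.length) + "d}"
    return sum(
        truncated_hash(detector.salt, fmt.format(i), detector.bits) == detector.tag
        for i in range(n)
    )


# Constructed sample values, not real credentials.
SALT = b"constructed-salt"
PASSWORD = "correct horse 42"
detector = FullPasswordDetector(PASSWORD, SALT)

if __name__ == "__main__":
    print(detector.scan("user@example.com\tcorrect horse 42\n"))  # full password
    print(detector.scan("notes: correct horse 4"))                # fragment only
    tiny = FullPasswordDetector(PASSWORD, SALT, bits=8)
    print(colliding_candidates(tiny, 5000))  # many strings fit an 8-bit tag
```

The 8-bit run is a scaled-down illustration of why a truncated tag does not identify one password: many unrelated strings map to the same stored value.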