An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

December 7, 2011

Google Remembers Your Old Passwords

If you change your Google account's password and you try to log in using the old password, Google shows a special message: "Your password was changed X days ago. Didn't change your password?" and links to this article.


It looks like you've attempted to sign in using an old password. If you remember changing your password, just sign back in using your most recent password. If you remember changing your password but have forgotten your new one, you can regain access to your account by going to our password assistance page.

If you don't remember changing your password, someone else might have accessed your account and changed your password. In some cases, your previous recovery email or phone might be available on the password assistance page for resetting your password. If that's not the case, you'll have the option to fill out our account recovery form to verify your identity and reclaim your account.

To show this message, Google needs to store your old password (actually, a password hash, since Google doesn't store the actual password). This is probably useful if someone managed to access your account and changed the password. Obviously, you'll still try the old password and you won't understand why it no longer works.

{ Thanks, Venkat and Brandon. }

19 comments:

  1. haha. you should edit the title to add hash to it! it's sensational right now. :)

    ReplyDelete
  2. Agree with Sushubh: that title isn't good at all. It will do nothing but scare people who only read the title of posts before starting to spread false rumors...

    ReplyDelete
  3. why? just a small check like "IF password WRONG AND datepwdchange < 10 THEN display that generci message" will work. You could say that Google stores passwords if it would give you the abilityi to effectively restore it, not just because it knows WHEN a pwd was changed...

    ReplyDelete
  4. Google's just storing the last date when you changed your password. :p

    ReplyDelete
  5. @Sushubh, John:

    I replaced "stores" with "remembers" to make it clearer.

    @Tambu, Manish:

    Not true. The message is only displayed when you enter an old password.

    ReplyDelete
  6. Any security system worth its salt (pun intended) is going to keep a history of old password hashes in order to prevent the user from re-using old passwords. This fairly standard security measure would be impossible without such a history. Google is simply making additional use of this history to the user's benefit.

    ReplyDelete
  7. Nice. But how to restore account in case some hacker deletes it?

    ReplyDelete
  8. Facebook does the same thing

    ReplyDelete
  9. Thank you for this information I appreciate it. Have you heard about Acai Berry Select? Its wonderful.

    ReplyDelete
  10. I see no harm in that. Active Directory services usually store last 20 password hashes for security reasons ;)

    ReplyDelete
  11. And yet, Google blocks you from reusing a password... maddening.

    ReplyDelete
  12. This is really nice for instance when your account got hacked you can be sure that there is something suspicious not just you forgot the new password. It's small but rally good security improvement

    ReplyDelete
  13. I did not change the password for my gmail account, and I am pretty sure that it has been hacked by someone (the same email id and password I used for one more website, which is also not working). I tried all the ways to recover to the account, but failed. After providing the recovery email, or secondary email id which we provide for back up, it sent a password reset link to that account. After going through it, it resulted in creating a new gmail account instead of recovering the existing one. It would be really great if anyone can suggest me how to recover the gmail account, or address this issue.

    Many thanks in advance.

    ReplyDelete
  14. This is interesting, but how do you get google to remember your new password without having to retype it each time.

    ReplyDelete
  15. i changed my password when i forgot my old one an new my htc phone is blocked an asking for my old passwork how can i find out wot my old password was help please

    ReplyDelete
  16. my phone was stolen. when i got it bak it had too many pattern attempts. so it wanted me to login in with my google account. i know the email but forgot the password. now i changed the password on my email and it still wont let me in it. i need to find out the password i had first.

    ReplyDelete
  17. Google gives two options for retrieving gmail password. first is using another Email and second is mobile number. if you lose your phone number then you can access verify another email.

    ReplyDelete
  18. HELLO. this no longer works this way. Yet I need to determine just this very information. When i last changed my password. Does anyone know a current way to determine this information ???
    Thank you

    calgo2007@gmail.com

    ReplyDelete
    Replies
    1. Check this page: https://www.google.com/settings/account

      Delete