Does Microsoft/Google/Yahoo/Etc save invalid login info?

[Michael Robinson]

Ironically can't seem to find an answer to this question with a google search, I always get a bunch of answers to other things. 

Let me explain my question:  For example, lets say my google email login is "me@google.com" and my password is "login1". 

But since I have a yahoo email too, sometimes I accidentally go to yahoo.com and type in my google name and password.  Of course google says "invalid" and asks me to retype it, then I realize what I did and go to the correct site. 

But I just realized something...if any of them actually SAVED the information you typed in, everytime someone accidentally tries to login to the wrong site *which I bet happens all the time*, they would now have a copy of their information.  *yahoo now knows my google login/password because I accidentally used it on their site*

Anybody know if any of them save invalid login info?

[hilariousandco]

No, but the NSA probably do haha.

[Hazir]

Don't worry they don't even need  passwords. They can read all your emails without them. Passwords are just for you - big companies like google or yahoo just don't care about them. Also NSA is always spying on you. Sleep tight; you are always being watched online, you just can't do anything about it.

[counter]

I've wondered the same thing when I forget my passwords and start trying all of them to see which one works.  I suppose they may but I doubt they really look into it because they have many users.  Also I suspect if they wanted to crack your password that bad they wouldn't have trouble doing so.

[hilariousandco]

I've wondered the same thing when I forget my passwords and start trying all of them to see which one works.  I suppose they may but I doubt they really look into it because they have many users.  Also I suspect if they wanted to crack your password that bad they wouldn't have trouble doing so.

The only thing this would be bad for was if you had a keylogger.

[bitsmichel]

they have a copy of all your data. they don’t need your passwords.

In fact there is a search engine, where you type your name, and all your private personal emails, conversations, searches and photos come up. 
 
you want privacy or deal with sensitive company information? use encryption.

[grue]

It's considered bad security practice to save failed logins because they may contain partially correct login information. So the failed logins are probably not saved. But as others have noted, they can access your email without your login.

[counter]

I've wondered the same thing when I forget my passwords and start trying all of them to see which one works.  I suppose they may but I doubt they really look into it because they have many users.  Also I suspect if they wanted to crack your password that bad they wouldn't have trouble doing so.

The only thing this would be bad for was if you had a keylogger.

How does one know if they have keylogger?  I'm curious if I should look into this because I'd rather be safe than sorry you know?  Any advice is appreciated.

[bitsmichel]

There are ways to get your password trough hardware and software.

On software level: digital wiretapping

99% of the times your data are not encrypted, meaning anybody in between the line can make a copy.
In order to prevent sniffing on the line always use https:// not http://.
A little lock will show next to the page in the url bar, just like in thie site.



Sniffing (or digital wiretapping) is not difficult, its as simple as run a program.
Some of these programs may actually be virus or trojan, be careful if you download one (I did not test the one below)




On software level: nasty programs

As you probably know, unwanted software as viruses, spyware and other types of software can come. These programs, once run
 are inside your memory and can catch your keyboard input and other things. There are different ways to deal with this, I have put
them in order from easy to harder:

Approach 1 (standard approach):
 - install anti-virus & anti-spyware programs
 - install firewall
 
Approach 2:
 - use a LiveCD / LiveUSB. Do not store anything on the computer disk. You can use the program unetbootin to make live usb.
   use an emtpy usb disk for it, the program will swipe your usb disk  
   http://unetbootin.sourceforge.net/

Approach 3:
 - use an operating system image in a program as VMware Player or Bochs, never store data to the disk. Run the system from the image
   both are free. These programs simulates a computer, so you can have a computer in a computer  .

Approach 4:
 - avoid using any propriatary software, only use open-source software. Use Debian Linux or something like this.

On software level: keystroke sounds
A recent research demonstrates that keystroke sounds can be used to identify what is beiing types. Of course this depends on the
type of keyboard. In order to prevent this, block your microphone.

On hardware level: digital attachments
The easiest kind of hardware keylogger is a usb one. Check all usb ports;
For software keyloggers,  it depends on how far you want to go.

On hardware level: digital attachments inside the computer
This is harder to detect. Dont let anyone near the computer  

On hardware level: shoulder surfing
Someone can physically look on your keyboard when you are in a public place. This may seem something obvious, but this does happen.
An example video is here https://www.youtube.com/watch?v=5CWrzVJYLWw


If my reply was helpful, please donate 0.0001 B ($0.03 or or less) to 1CuvG8rVxdmjmfTCy594e8aZLTkT6vsKCM  

[Reuben]

No, but the NSA probably do haha.

lol sad but probably true