Thursday, 21 March 2019
Latest news
Main » Keep your accounts more secure with Google's new Password Checkup Chrome extension

Keep your accounts more secure with Google's new Password Checkup Chrome extension

06 February 2019

Today, a new Chrome Extension has been released that checks if the if username and password combinations you tap into a login form have been previously compromised.

To coincide with Safer Internet Day, search giant Google is launching two new tools to help users detect if their username and password have been compromised. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. "Whenever you sign in to a site, Password Checkup will trigger a warning if the username and password you use is one of over 4 billion credentials that Google knows to be unsafe", Google explains. If you don't change your passwords on a regular basis, it's possible that valid credentials are floating freely on the Internet, just waiting for a nefarious party to exploit.

Google says it won't bother you about outdated passwords that you may have reset or dumb passwords you might be using, like 123456 as long as they do not appear in a data breach. This is the first version of the Password Checkup and the company says it will be refined in the coming months, but you can install the extension and take advantage of the new protections now.

Google says that it won't keep bombarding you with alerts for just any username/password combination to avoid "fatiguing" the user.

Google will limit disclosures to only share that these security events have occurred, without sharing personal account info. Created to be implemented by apps and sites, it means Google is able to tell them that an issue that could put information at risk has been detected. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.

You can find out more on the Google Security blog. The company only shares the fact that a security event has occurred, basic information about the event such as whether an account was hijacked and this information is only shared with apps where a user's Google credentials were used to login.

Keep your accounts more secure with Google's new Password Checkup Chrome extension