Google Launches Password Checkup Extension To Detect Breached Credentials

Breached usernames and passwords have become a pain in the neck with regards to online security. Even if your account may remain potentially unhacked, it won’t remain the same in future if your email address or password matches any of the breached credentials. Particularly, after the recent data dumps of hacked credentials, Collection #1 to Collection #5, creating unique unbreached passwords has become impossible. That’s why Google has now launched a dedicated Chrome extension ‘Password Checkup’ that will warn you for breached credentials.

Password Checkup Chrome Extension

Google has recently announced the launch of a dedicated Chrome extension that will alert users for breached credentials. Named ‘Password Checkup’, the tool will facilitate users in creating unique login credentials.

As stated by Google in their latest blog,

“Whenever you sign in to a site, Password Checkup will trigger a warning if the username and password you use is one of over 4 billion credentials that Google knows to be unsafe.”

The tool not only alerts users for breached passwords, but also ensures keeping the current user credentials secure by employing cryptography. In this way, the usernames and passwords will remain invisible to Google. Moreover, this will also prevent any potential instances of data breaches or password guessing by brute force.

“Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.”

Here’s how the tool will work.

Chrome Password Checkup vs. Firefox Monitor

At a glance, Password Checkup looks like a variant of the previously launched Firefox Monitor by Mozilla. While both the tools alert users regarding breached credentials, they have several differences in their design and working.

Here is a quick comparison of both the tools for our readers.

  • Mozilla’s Firefox Monitor is based on HaveIBeenPwned. Whereas, Google Chrome’s Password Checkup will rely on Google’s own database of breached credentials.
  • Firefox Monitor alerts a user once upon landing on a website that has been a victim of a data breach in the previous 12 months. On the contrary, Password Checkup will scan credentials filled-up on login forms as well.
  • Firefox Monitor alerts users upon finding their email addresses in a breach. Google’s Password Checkup, however, alerts users if the exact credentials (both the current username and password) appear in a breach.

For now, Google has shared all the technical details at present and pledges to continue improving the feature with time.

“Since this is a first version, we will continue refining it over the coming months, including improving site compatibility and username and password field detection.”

Password Checkup is now available for download in the web store.

Do share with us your experience while using this tool.

Related posts

Hard-Coded Credentials Vulnerability Found In Kubernetes Image Builder

Critical Vulnerability Patched In Jetpack WordPress Plugin

Astaroth Banking Malware Runs Actively Targets Users In Brazil