This Google Chrome extension will tell if your password has been hacked

This Google Chrome extension will tell if your password has been hacked

This Google Chrome extension will tell if your password has been hacked

Password Checkup is a first-party extension, which begs the question as to why Google doesn't just bake into Chrome natively, and make it opt-in.

Google is also launching a second tool today that will help with single sign-in issues in that case the your Google Account is hacked.

It can be noted that Google does not get any access to the user details, but will only offer information that a security breach has happened and also inform if your account details are compromised or not. The extension enables you to find out which accounts have been compromised and prompts you to change unsafe passwords.

The Chrome extension sits quietly in Google's browser but it springs into action when it detects that a username and password being used to login to an online service - it doesn't have to be a Google one - has been compromised. Password Checkup compares the credentials you input into any website against a database of four billion known compromised credential sets and lets you know if your username-password combo is no longer good. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.

Chrome's privacy team says they were led by three guiding principles: alerts that are actionable, not informational; putting privacy privacy at the heart of its design; and advice that avoids fatigue. Secondly, Google launched Cross Account Protection tools which extend the Google ecosystem's account hijacking and breach notices to apps that utilise Google Sign In. Finally, Google says it will continue to improve both services from here on out, particularly Password Checkup, which will be refined in the coming months. "We won't bother you about outdated passwords you've already reset or merely weak passwords like 123456", writes Google.

"We created Cross Account Protection by working closely with other major technology companies, like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make this easy for all apps to implement", Google said in a statement.

Latest News