Google’s New Chrome Extension Gives Your Passwords a Checkup

Google Chrome Password

In early 2019, white-hat security expert Troy Hunt and other researchers shared a massive database of breached passwords and usernames. The stolen data constitutes 25 billion records and 845 gigabytes of stolen data.

While many of the collected records are from previously reported thefts, there are new records there, too. It’s a clear indication of regularity, scope and potential damage caused by poor password management.

That news coincided with Google’s announcement of its new Password Checkup extension for Chrome browsers. The extension is designed to alert and protect users who may have compromised credentials.

What is the Password Checkup Extension?

Password Checkup allows users to check if their Google account, and any other account you check into while using Chrome, has been potentially compromised during a previous data breach. Developed in partnership with Stanford University cryptographers, the extension is designed to give you critical information while safeguarding your data.

How Does Password Checkup Work?

After installing the extension, Google will alert users if they find potentially compromised passwords. The passwords are checked against a database of 4 billion known compromised credentials. Warnings are issued automatically, along with a recommendation to change the potentially compromised credential.

It’s important to note that the extension will not alert you to any outdated passwords or weak passwords. While those other factors can also lead to your account information being hacked, the Password Checkup only identifies known hacked passwords contained in databases.

What Does It Look Like When Password Checkup Is Activated?

The Password Checkup icon appears in your browser bar as a green security shield. The extension app will monitor your account whenever you use Chrome to log into a website or a service.

If it detects that the password is potentially compromised, a bright red warning box pops onto your screen. It features a warning sign and urges you to change your password. The box allows you to ignore the alert for the designated site. There’s also a link to learn more information via a page with more details about Password Checkup and how to change a potentially compromised password.

If for some reason you miss the red pop-up box, the browser extension icon turns from green to red.

Can Google See My Passwords if I use Password Checkup?

No. None of the passwords that the app uses are stored and personal information is not collected. The checked passwords are anonymized using hashes and encryption. Password Checkup was designed to prevent hackers from attacking it.

What Are the Risks of Compromised Passwords?

News stories are constantly reporting on the latest corporate data breach, revealing the thousands of records that were exposed and how that company is responding. The story behind the story is what happens to those stolen credentials.

In some cases, hackers sell information on the dark web. For users that do not know about the hack or aware but choose to do nothing, the consequences can be dire. Bad actors now can access accounts, make purchases, steal money or gain other personal information that can help to steal one’s identity.

People affected by stolen credentials can spend months or years resolving the issues related to compromised accounts. This work is time-consuming, costly and stressful.

Are There Other Tools to Check Compromised Credentials?

There are many other services that help monitor and detect stolen passwords, including websites such as Have I Been Pwned? and Watchtower and password managers like Dashlane and Keeper.

How Prevalent Are Data Breaches?

According to the 2019 Verizon Data Breach Investigations Report, stolen credentials are also an increasingly popular approach for hackers looking to gain access to cloud-based email servers. Stolen credentials are a particular issue for businesses in the accommodations and food services, financial and insurance, educational services, manufacturing and professional services industries.

What Can Be Done to Prevent Compromised Credentials?

For businesses, there are several steps that can mitigate the risks of data breaches that result in compromised credentials:

  • Develop and enforce rigorous password policies, including password complexity, reuse and expiration dates
  • Implement two-factor or multi-factor authentication that uses both known information, such as a stored password, and new information, such as a texted or emailed credential, (e.g. a one-time access code)
  • Centralized identity access management
  • Centrally managed single sign-on protocols

Google’s new extension is an excellent way to provide individual Chrome users with information that will protect themselves and their personal information. When combined with broader business rules, the extension should reduce the rate and severity of compromised credentials.

Share this post

Share on facebook
Share on twitter
Share on linkedin
Share on print
Share on email

Invotec Solutions IconInvotec Solutions

Unit 9/148 Chesterville Road, Cheltenham

5.0 6 reviews

  • Avatar Daniel McNairn ★★★★★ 8 months ago
    Invotec Solutions is a great company. Working in the education field they have been great support when we have had technical issues that have needed high level solutions. I know they have worked throughout the Catholic Education system … More and have always delivered a high level of service and support. Very easy to deal with and friendly support.
  • Avatar Marcia Reynolds ★★★★★ 7 months ago
    Invotec were fantastic! Being a small business owner and IT illiterate, Invotec helped me to get up and operating without an issue.
    I now feel secure knowing that they are there to back me up.
  • Avatar Aaron Hawke ★★★★★ a year ago
    I had the pleasure of working with the Invotec Solutions Team for our Cyber Security requirements. They really know their stuff and my expectations were well exceeded. Thanks Guys, You made it easy!
  • Avatar Jan Chapman ★★★★★ a year ago
    Invotec really know their stuff, a great company that want to provide the best service possible. I highly recommend them.
  • Avatar Korin Roehm ★★★★★ 2 years ago
    Invotec has been a great partner to our company. They're very quick and responsive. If you talk to anyone there you know that they're very knowledgeable in the work that they do.

Get a Quote