Chrome Password Checkup alerts you to hacked logins

Eric Abent - Feb 5, 2019, 11:32 am CST
0
Chrome Password Checkup alerts you to hacked logins

Login credentials are compromised all the time, and once a password is out in the open, it’s no longer secure. Websites like Have I Been Pwned? help users figure out which passwords are secure and which aren’t, but starting today, Google is helping the cause as well by launching a new Chrome extension called Password Checkup. With this extension, Chrome will automatically let you know when you’re using a password that’s been compromised.

Google says that it will compare both usernames and passwords to a know collection of 4 billion login credentials known to be compromised. You’ll be alerted that your login credentials have been leaked in the past and prompted to change your password. The company also notes that the Password Checkup extension has been crafted in such a way that not even Google can see what your login information is.

Google is also launching a second tool today that will help with single sign-in issues in that case the your Google Account is hacked. Dubbed Cross Account Protection, Google can use this to share details of an account breach with its SSO partners so they can take action as well. Those partners who use Google sign-on need to implement Cross Account Protection themselves, but when they do, they’ll receive information from Google in the event that your account has been compromised.

The information Google says it’ll share with those third-parties seems to be fairly limited, and includes “basic information about the event.” For instance, Google might tell third-parties app partners that your account was hijacked or that it required you to sign in again because of suspicious account activity, but beyond that, it doesn’t sound like it’ll share too many details in the interest of user privacy.

Chrome’s Password Checkup extension is available now on the Chrome Web Store, and might be worth installing even if you already use tools like password managers or two-factor authentication. Cross Account Protection, on the other hand, is available today for developers using Firebase or Google Cloud Identity. Finally, Google says it will continue to improve both services from here on out, particularly Password Checkup, which will be refined in the coming months.


Must Read Bits & Bytes