Google celebrated the Safer Internet Day on February 5, 2019 by gifting a new security tool which automatically warns Google Chrome users if it suspects a data breach.
With password hacks and other data breaches becoming a daily occurrence, a huge amount of user data is compromised every day. To put things in perspective, personal details of 30 million Facebook users were stolen in 2018 alone. In the same year, username and password of 100 million Quora users were stolen.
This new Google extension called Password Checkup, which has been made available by the tech giant right away, matches login details you use for accessing various sites with the repository of nearly four billion leaked usernames and passwords and alert you if it suspects you could be at risk by using the same one.
How Does Password Checkup Work?
When I first started using the internet nearly a decade back, I was advised to have a unique and strong password for each of my accounts. But soon enough, I started using online banking services, signed up on Facebook, had a Twitter account, a Paypal account, a Feedly account, an account on my most visited news and gaming sites, accounts on AliExpress, Amazon, Flipkart and half a dozen more shopping sites. And that is, by no means, a complete list.
How on earth am I supposed to remember unique and strong passwords for all these accounts?
This is where the Chrome extension Password Checkup by Google could come in handy. The extension will monitor all the online accounts visited by users through their Google Chrome browser and notify them if they need to change their password for any of their site(s). This it does by scanning user’s account passwords and matching them with the databases of leaked login credentials for possible data breaches. If it sees a positive match, it will send automated warnings.
The best thing about this extension is that it will also work with any password manager, in case you are using one already. Next, it will warn you as soon as you have logged into your account.
Is Password Checkup Safe? Google Insists It Is!
Wary that we are of trusting anything available on the internet for free, this sounded too good to be true.
However, Jennifer Pullman, Kurt Thomas, and Elie Bursztein, members of Google’s security and anti-abuse research team, have assured their users that Google never goes on to ‘learn’ its usernames or thee passwords associated with them in spite of collecting the same.
“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried…….At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option,” they wrote in a blog post.
Since all the data collected from Google users are saved in their gargantuan databases in an encrypted format, users need not be worried on that account.
Now, Google is neither the first nor the only company to provide this option to its users. Watchtower by 1Password offers to do a similar task by comparing usernames and passwords with the database available with HaveIBeenPwned. Troy Hunt, the brain behind HaveIBeenPwned, also expressed support for similar service by Google.Inc.
“I think anything that drives people away from the behavior that is password reuse is a very positive thing and on that front, I’m glad they’ve done it,” he said. “It certainly doesn’t bother me that they’re doing a similar thing to HIBP’s Pwned Passwords.”
Rival Firefox had also offered a similar service Firefox Monitor to its users last year by offering to check user credentials against the same database (HIBP) used by 1Password.
The bottom line is that all internet users need to be aware of the need to safeguard their privacy and security.
And to do so, they must use strong and unique passwords, insist on two-factor authentication and use a password manager. Additionally now, they may choose to install the Chrome extension Password Checkup.