Google's new Chrome extension can detect unsafe login credentials

Adjust Comment Print

The first is a Chrome extension called Password Checkup that can identify if you're using a password that's been exposed in a third-party data breach.

The "Cross Account Protection" has been designed as a safety tool for the apps and websites require a Google sign-in.

If you fall within the category, you'll then be alerted about your login credentials having been leaked in the past; and prompted to change your password. (It's not necessary, but it's strongly advised.) Chrome already offers an automatic password generator, and will store that new password in a password credential file automatically, if you choose, and use it to log into a site automatically in future visits.

The search giant noted that using the same password will result in the compromise of multiple accounts once criminals successfully take over one account. With this new Chrome extension the company aims to keep the Google Accounts safe by proactively detecting and responding to security threats.

With lists of billions of compromised credentials floating around on underground forums and in text-paste pages across the Internet, it's hard for anyone to keep up with the potential threat from breached passwords.

Those who still feel uncomfortable with checking their passwords with a tool made by Google can use other tools like Pwned Passwords.

Google partnered with computer scientists at Stanford University in developing the protocol behind the technology - which Google candidly admits is still experimental and therefore potentially subject to shortcomings.

Furthermore, safeguards were put in place to prevent an attacker from using the extension to unearth credentials, such as prohibiting brute-force guessing. Password Checkup takes the same concept and extends it to any site on the Internet, not just those managed by Google. Google says it will only share basic information regarding the event itself. Here Google will "only share information with apps where you have logged in with Google".

Many online scams stem from websites that are posing as legitimate services - such as a bank, insurance company, or even Google - which ask you for sensitive information such as passwords or financial details.

Last month, hackers dumped more than 2.2 billion usernames and passwords on internet compromising the security of personal information.