facebook rss twitter

Google launches Password Checkup Chrome extension

by Mark Tyson on 6 February 2019, 13:11

Tags: Google (NASDAQ:GOOG)

Quick Link: HEXUS.net/qad4hu

Add to My Vault: x

Yesterday was Safer Internet Day, and to mark the occasion Google launched a couple of new tools to enhance you and your data's safety. The headlining introduction was of the Password Checkup Chrome extension which checks and alerts users if any of their username/passwords have features in one of the many huge third party data breaches. Secondly, Google launched Cross Account Protection tools which extend the Google ecosystem's account hijacking and breach notices to apps that utilise Google Sign In.

Password Checkup is an extension to the Chrome browser. It is claimed to proactively detect and respond to security threats. Google says that it already automatically resets the password on your Google Account if it may have been exposed in a third party data breach (and such a policy helps reduce the risk of your account getting hacked by a factor of ten).

The nice thing about the new Password Checkup extension is that it extends the above described protections outside of Google apps and sites to others - perhaps you use Yahoo Mail, or Microsoft Onedrive in your browser for example. If Google detects a username and password on a site you use is one of over four billion credentials that it knows has been compromised, you will get an alert and a recommended action.

While there are already third party tools and sites that will let you know if your various online accounts are pwned or not, I'm sure some people will prefer an official Google extension for this aspect of their security. Google asserts that its new browser extension has been built so that "no one, including Google, can learn your account details". Privacy protecting techniques developed with the help of cryptography researchers at both Google and Stanford University were employed in the extension and back end. Further technical details about Password Checkup can be found on the Google Security Blog.

Cross Account Protection enables Google's tools allowing you to easily prevent and recover from security breaches to be employed by third party apps and sites. Google says that "when apps and sites have implemented it, we're able to send information about security events - like an account hijacking, for instance - to them so they can protect you, too". Again, Google insists that it doesn't paw over more data than is necessary to do this task. The firm is working alongside the likes of Adobe and various internet standards communities to make Cross Account Protection easy to implement.



HEXUS Forums :: 6 Comments

Login with Forum Account

Don't have an account? Register today!
yes please Google. have all of my passwords. thanks x
Lol, i dont think so
You can do the same thing with HaveIBeenPwned.com or any of the password managers that can connect to its API without having to trust Google.
I hwve exactly the same sentiment as expressed above.

It's why I don't use any password manager (that isn't on an air-gapped system) - it's down to trust. Even with sites I relatively trust, I'm still sceptical and Google? No, just no. Hell, no. Not in this life or the next.
spacein_vader
You can do the same thing with HaveIBeenPwned.com or any of the password managers that can connect to its API without having to trust Google.
I agree. HaveIBeenPwned.com is a very useful site.
My login and password has been flagged as stolen from half a dozen sites and results in the odd unfriendly and misleading email quoting one of the password. (No you don't actually have control of my email account) They are quite old and mostly throw away ones fortunately.

I do use a password manager. (I don't trust the built in browser ones.) It allows easy generation of unique passwords. The only way I'll remember enough passwords! Though maybe the old pen and paper list would be most secure…