Yesterday was Safer Internet Day, and to mark the occasion Google launched a couple of new tools to enhance you and your data's safety. The headlining introduction was of the Password Checkup Chrome extension which checks and alerts users if any of their username/passwords have features in one of the many huge third party data breaches. Secondly, Google launched Cross Account Protection tools which extend the Google ecosystem's account hijacking and breach notices to apps that utilise Google Sign In.
Password Checkup is an extension to the Chrome browser. It is claimed to proactively detect and respond to security threats. Google says that it already automatically resets the password on your Google Account if it may have been exposed in a third party data breach (and such a policy helps reduce the risk of your account getting hacked by a factor of ten).
The nice thing about the new Password Checkup extension is that it extends the above described protections outside of Google apps and sites to others - perhaps you use Yahoo Mail, or Microsoft Onedrive in your browser for example. If Google detects a username and password on a site you use is one of over four billion credentials that it knows has been compromised, you will get an alert and a recommended action.
While there are already third party tools and sites that will let you know if your various online accounts are pwned or not, I'm sure some people will prefer an official Google extension for this aspect of their security. Google asserts that its new browser extension has been built so that "no one, including Google, can learn your account details". Privacy protecting techniques developed with the help of cryptography researchers at both Google and Stanford University were employed in the extension and back end. Further technical details about Password Checkup can be found on the Google Security Blog.
Cross Account Protection enables Google's tools allowing you to easily prevent and recover from security breaches to be employed by third party apps and sites. Google says that "when apps and sites have implemented it, we're able to send information about security events - like an account hijacking, for instance - to them so they can protect you, too". Again, Google insists that it doesn't paw over more data than is necessary to do this task. The firm is working alongside the likes of Adobe and various internet standards communities to make Cross Account Protection easy to implement.
