Google have launched a new browser extension to help users make sure that they are using strong and safe passwords. The extension, called ‘Password Checkup’, flags when a someone uses a password and username combination that Google knows to have been involved in a data breach at some point in the past. Google has a database of over 4 billion such accounts.
The user then has the option to continue and ignore the warning or they can then choose a different password. There have been many large and well publicised password breaches over the last few months, particularly the dump of passwords known as Collection #1. Although some of these dumps of user names and passwords may be historical, if you are still using that password, then there is still the possibility of having an account breached by an attacker. Password reuse, using the same password on more than one site or service, is one of the most likely ways that people will find that they have had an account hacked. If a cyber-criminal knows one combination of username and password, they will then try that combination over and over on lots of different sites to see where else you have used that password.
This new extension from Google aims to try and warn users when such a combination has been breached previously.
The only issue is whether or not you trust Google. Google have issued reassurances that when someone uses the extension, the information is strongly encrypted to prevent any of the details being readable should they be stolen and that not even they can know what your password is, only that what has been typed has been involved in a data breach. Google have also announced that they will be publishing a paper to allow independent experts the opportunity to evaluate the new tool and the way in which it works.
At least this extension is highlighting to users that what they may think is a good and safe password might not be as secure as they think it is.
To download the extension, you must do the following:
1. Open Chrome on your computer
3. Click “Add to Chrome”
4. Confirm that you want to add the extension to your Chrome
5. Once installed, a screen shield icon will appear on the top right hand corner of your browser.
6. That's it! You can now enter passwords on websites to determine if they are safe and Google will alert you if they are not.
For more information, click here.
- Gerry Grant, Chief Ethical Hacker
For more information and advice, message us on our website or email us at firstname.lastname@example.org