When hacks happen almost daily it can be hard to stay on top of security related matters. That’s why Google is now releasing a new Chrome extension that will make account takeovers much harder for hackers.
Google released the Password Checkup tool Tuesday. This new extension helps you rescue accounts that were affected by data breaches. Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Then you can reset your password for that account and any others accounts using the same username and password.
Data breaches dating as far back as 2008 can still affect victims that haven’t changed their passwords. A collection of 2.2 billion stolen credentials over the last decade have come together in a download for anyone who can find it on the dark web. If even just one-tenth of 1 percent of people in the massive leak still use the same passwords, that’s 2.2 million accounts that hackers could potentially access. Even if you weren’t affected, you should consider changing your outdated passwords.
“Google’s own database of collected credentials from public breaches contains over 4 billion usernames and passwords,” said Kurt Thomas, a research scientist at Google.”The company has used that database for the last five years to protect Google users who could be affected by third-party breaches. More than 110 million accounts were kept safe through this measure. Without this safety measure, you’re about 10 times more likely to fall victim to an account takeover.”
Google’s Chrome accounts for 62 percent of website usage today, according to analytics firm StatCounter.
The Chrome extension is similar to what Nest, a smart home company that Google owns, does for its users. Nest monitors publicly leaked password databases and checks its own databases for matches. If a user’s email and password for outside services are involved, Nest sends an alert requesting the person to change passwords, even if the company’s own data wasn’t affected by the breach.
Other companies also monitor public breaches, including Facebook and Netflix. Given that Google accounts for 62% of website usage today they decided to take this security issue a step further making Password Checkup easy to use and available to everyone.
“We felt this was important and tried to do this as a community service and help our users everywhere,” said Elie Bursztein, Google’ anti-abuse research team lead.
This prevents hackers from being able to reuse passwords stolen from one service on another website. Hackers often take advantage of the fact that many people are likely to use the same password again and again. In a survey by Google and Harris Poll of 3,000 adults in the US, for instance, 65 percent of respondents said they reuse a password across multiple accounts. (Even so, about 60 percent of respondents say they have “too many passwords to remember,” according to the survey.)
In 2016, hackers said they were able to access Facebook CEO Mark Zuckerberg’s Twitter account by using his LinkedIn password, which was stolen in a 2012 breach.
Google’s new tool doesn’t save or view your passwords to match it with its database of hijacked credentials, according to Google.
The 4 billion credentials in Google’s database are hashed and encrypted, and so are the passwords and usernames a person would type in to compare using the Chrome extension. It uses a cryptography technique called “blinding” so Google can compare your passwords without ever needing to view them.
With hacks happening almost daily most people simply have a hard time staying on top of security-related matters. Password Checkup is designed to fill that security gap by automatically checking and warning people if they could be impacted by a potential hack.
Password Checkup is currently available as an extension for Chrome. We want to help you stay safe not just on Google, but elsewhere on the web as well.