Google has released a new extension for Chrome that will alert you if one of your username/password combinations is known to be already out ‘in the wild’, according to the company’s blog post.
Whenever you enter your login details on a site, the extension, called Password Checkup, will compare the data against a database of four billion credentials that it knows have been compromised over the years. If a match is found, the tool will display a red alert box and suggest that you should change your password.
To dispel concerns about the security of the data being checked, Google emphasized in its Security blog that Password Checkup scrambles all credentials with hashing and encryption, thus protecting them from ne’er-do-wells. Google also gave assurances that people’s login details are never revealed to the company itself, either.
“Password Checkup was designed jointly with cryptography experts at Stanford University to ensure that Google never learns your username or password, and that any breach data stays safe from wider exposure,” reads the blog post. Google also made clear that the final check to see if there’s a match takes place on the user’s machine.
There are several freely available services on the internet, including Have I Been Pawned, the Identity Leak Checker and Firefox Monitor, that offer to check if your credentials or other personal details have been compromised in one of the numerous breaches that occur every year.
For guidance about how you can create robust and unique passwords, you may want to read one of our pieces below. Needless to say, two-factor authentication is an effortless way to improve your account security.
How to create strong passwords (without driving yourself mad)
Bad password choices: don't miss the point
No more pointless password requirements