Make Sure Your Passwords Are up to Date With This Google Chrome Extension
In this age of corporate hacker attacks and massive password leaks, having a new, inconsolable password is just as important as having a password that is difficult to crack. To that end, Google has just announced and launched a new Chrome extension that helps make sure your passwords haven’t been hacked and still keeps your accounts secure.
An extension called Password Checkup takes your username and password when you use them and compares them to a registry of leaked credentials. On its corporate blog, Google reported that the bank of hacked passwords it uses to verify your account includes four billion insecure username and password combinations, which is a lot, as you know.
Google claims that password verification prevents anyone from reading or storing your security information. Both the registry and your current security information are encrypted and hashed multiple times and cross-referenced using a technique called blinding , which allows the extension to match your information to entries in the list without reading or saving any of them. Your password status is only accessible with a key stored locally on the device using the extension, so in theory, you are the only person who can know which extension appears.
Password Checkup collects some general data, including how many times the password is checked against the Google database and whether the password is changed after it is found to be insecure. Google has a detailed explanation of this process on their security blog in case you want to know more.
Google isn’t the first company to offer a service to check your account information for past leaks. 1Password, one of our favorite password managers , offers a feature called Watchtower Integration that checks your saved passwords against Have I Been Pwned , a huge public database of leaked passwords.
There is one important difference between password verification and Watchtower integration – the Google option is free. You can always check your accounts manually for “ Have I Been Pwned,” but the fact that password verification does this repeatedly and automatically increases the likelihood that you will find the wrong password in time to protect yourself.