Have You Been Hacked? Chrome Knows
Google rolled out two new cyber security tools to help users protect their data privacy. Google has a new free tool to inform users when their login credentials have been compromised.
Password Checkup is a new Chrome extension that informs the user that their username and password have been hacked. If the Chrome user logs in with credentials that Password Extension recognizes as compromised, then the user is notified and prompted to change their password.
Google cross-checks your username and password against a regularly updated database of over four billion combinations of hacked username and passwords. Hackers often offer massive caches of logins for sale on the dark web or otherwise expose them online. The database that Google’s extension checks against, checks your login against this database of hacked logins to see of your information is present.
Password Checkup was developed by Google and cryptography experts from Stanford University. The browser extension notifies Chrome users if the password they entered was compromised in a data breach. It can be downloaded from the Chrome Web Store. If the username and password combinations are not listed in the database, then the user is informed they are protected. If the credentials were previously hacked, once the user has changed their password, the extension informs that they are now protected again.
The new extension is obviously only available for Chrome browsers. Passwords are encrypted while they are being checked, so Google cannot actually read them. Google can already automatically reset users’ passwords for Google owned apps and sites if it determines a password has been hacked. However, the new extension cannot automatically reset passwords for non-Google websites or apps.
Firefox offers a similar plugin called Firefox Monitor.
The second cyber security initiative is called Cross Account Protection. It helps extend login credential protection to other apps and websites that allow Google Sign In. Cross Account Protection shares the fact that a data breach happened and if the user’s username and password was hacked. If there has been suspicious activity using the Google users’ credentials on other sites, then the additional information will be required to sign-in with the partner site.
Non-Google websites and apps must implement it for protection to be enabled. Google only shares information with these apps when a user has logged in with a Google account. If there is a cyber security risk with your login credentials you will be notified immediately. Then you will be prompted to provide extra information when logging into some sites.