Google's new Chrome extension can detect unsafe login credentials

Google password checkup

On Safer Internet Day, Google gives you three tips to keep your device and data safe

Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried.

Again, Google stressed that it would only share data about the security event, basic information such as if an account was hijacked or suspicious activity as detected, and only share this data with apps that people have logged into using Google Sign In.

The Password Checkup extension for Google Chrome notifies users if their website credentials (beyond just a user's Google account) have been included in a data breach known to the search giant.

It's kinda like security researcher Troy Hunt's Have I Been Pwned? service - which lets you look up your usernames and passwords to figure out if they were leaked or stolen - wrapped into an extension.

The team have designed a system whereby not only does Google not know the username and password combination you used, when the extension performs a check against the breach database that traffic is heavily encrypted, meaning your details remain secure even if intercepted by a man in the middle style attack. While the Google account itself has had added protections to deal with attackers and malicious parties, it is the first time the company is improving the security of Google sign-in for third-party platforms.

The Mountain View-based company says it designed Password Checkup to be actionable. If that really is the case, it will trigger a warning, suggesting you to change your credentials. Google aims to help that problem with its newest Chrome extension.

Password Checkup is a Chrome extension that checks to see if a username or password on a website you're using has been compromised.

There's also a new initiative called Cross Account Protection.

When apps and sites have implemented the new feature, Google is able to tell them an issue that could put a user's information at risk has been detected. Google claims that Google Play Protect scans over 50 billion apps every single day, identifying potentially harmful apps and keeping them off devices or removing them.

According to Google, it has worked closely with major technology companies, like Adobe, plus the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make it easy for all apps to implement Cross Account Protection.

Latest News