Last week Google released Password Checkup, a Chrome extension that warns users about compromised logins every time they enter login credentials on a website.
Password Checkup compares the username and password provided by the user against a database of four billion credentials exposed in various data breaches that were disclosed over the years. The tool displays a red alert box in case of a positive match and suggests that the user change the password.
“If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password,” reads the blog post published by Google.
Google pointed out that Password Checkup needs to protect the content of the queries and also prevent credential leaks in the process. The Chrome extension addresses the requirements by using multiple rounds of hashing, k-anonymity, and
“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing,
Password Checkup was developed with the support of cryptography experts at Stanford University to ensure that Google itself cannot learn users’ credentials and to prevent wider exposure of breaches.
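A simplified sketch of the hashing and k-anonymity steps described above, added here as an illustration; it is not Google's code or protocol. PBKDF2, the 2-byte prefix, the salt, and the names `credential_hash`, `BreachServer` and `is_compromised` are assumptions, and the breach list is constructed sample data.

```python
import hashlib

PREFIX_BYTES = 2   # assumed prefix length: 65,536 possible buckets
ROUNDS = 10_000    # assumed work factor, kept low so the demo runs quickly

def credential_hash(username: str, password: str) -> bytes:
    """Slow hash of the username/password pair (PBKDF2 used as a stand-in)."""
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    user = username.strip().lower().encode()
    material = len(user).to_bytes(4, "big") + user + password.encode()
    return hashlib.pbkdf2_hmac("sha256", material, b"constructed-demo-salt", ROUNDS)

class BreachServer:
    """Hypothetical lookup service; stores hashes only, grouped by prefix."""
    def __init__(self, breached_pairs):
        self.buckets = {}
        self.seen_prefixes = []  # everything the server learns from queries
        for user, pw in breached_pairs:
            h = credential_hash(user, pw)
            self.buckets.setdefault(h[:PREFIX_BYTES], set()).add(h)

    def query(self, prefix: bytes) -> set:
        if len(prefix) != PREFIX_BYTES:
            raise ValueError("prefix must be exactly PREFIX_BYTES long")
        self.seen_prefixes.append(prefix)
        return set(self.buckets.get(prefix, ()))

def is_compromised(server: BreachServer, username: str, password: str) -> bool:
    h = credential_hash(username, password)
    bucket = server.query(h[:PREFIX_BYTES])  # only the prefix leaves the client
    return h in bucket                       # full comparison happens locally

# Constructed sample data, not real breach records.
SAMPLE_BREACH = [("alice@example.com", "hunter2"), ("bob@example.com", "letmein")]

if __name__ == "__main__":
    srv = BreachServer(SAMPLE_BREACH)
    print(is_compromised(srv, "alice@example.com", "hunter2"))        # breached pair
    print(is_compromised(srv, "alice@example.com", "correct horse"))  # unseen pair
    print(srv.seen_prefixes)  # the server saw two 2-byte prefixes, nothing more
```

In this sketch the bucket returned to the client contains full hashes of other breached pairs, so it covers only the query-privacy requirement, not the requirement that nothing about other unsafe credentials leaks.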
Password Checkup isn’t the only service that allows users to check if their credentials have been exposed in a data breach over the years, other free services
(SecurityAffairs – data breach, hacking)