Google has released a new extension for Chrome dubbed Password Checkup that will alert users if their username/password combinations were leaked online as part of a dump after a data breach.
Last week Google released Password Checkup a Chrome extension that warns users about compromised logins every time they will enter login credentials on a website.
Password Checkup will compare the username/password provided by the users against a database of four billion credentials belonging to various data breaches that were disclosed over the years. The tool will display a red alert box in case of a positive match and will suggest users change the password.
“If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password.” reads the blog post published by Google.
Google pointed out that Password Checkup needs to protect both the content of the queries and prevent credential leaks in the process. The Chrome extension addresses the requirements by using multiple rounds of hashing, k-anonymity, and private set intersection with blinding.
“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, and private set intersection with blinding.” reads a post published by Google.
Password Checkup was developed with the support of cryptography experts at Stanford University to avoid that Google itself could learn users’ credentials and prevent wider exposure of breaches.ù Password Checkup isn’t the only service that allows users to check if their credentials have been exposed in a data breach over the years, other free services are Have I Been Pawned, the Identity Leak Checker and Firefox Monitor,
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.