Google Chrome Password Checkup Extension Will Let You Know If Your Passwords Have Been Compromised

A new Chrome Extension from Google called Password Checkup will automatically check whether your passwords have been exposed in a data breach.

Once installed, the extension checks any login details you use. Google says “most” US sites are supported against a database of around four billion usernames and passwords, and warns you if it finds a match.

Unfortunately, password breaches are now a common occurrence, but so long as you are using a unique password for each website it’s normally fairly simple to deal with. Just change the login credentials used with the breached website, and move on. But when a massive breach occurs like Collection #1 compromise so many different passwords it can be impossible to know which of yours are still safe. That’s where Google’s new extension comes in.

Four Easy Steps To Protect Your Accounts

Since Password Checkup relies on sending your confidential information to Google, the company is keen to emphasise that this is encrypted, and that it has no way of seeing your data. Passwords in the database are stored in a hashed and encrypted form, and any warning that’s generated about your details is entirely local to your machine.

You can always manually compare your passwords against Have I Been Pwned’s database of breached credentials but Google’s extension is free and makes it a lot easier for you to check your passwords automatically. Also, you can use Chrome’s built-in password generator to generate a new password if you find one of yours has been compromised.

While it is a useful extension, ultimately Password Checkup further underlines how terrible passwords are as a means of keeping your accounts secure. Standards like WebAuthn, which replaces your password with a hardware token that only you have access to, are promising, but so few sites currently support the standard that it’s not really viable for widespread use. Two-factor authentication is another useful layer of security but, it can have its limitations.

So for the time being the best advice we can give you is:

  • Use a password manager
  • Use a unique password for every site
  • Change any affected passwords the moment you hear about a breach
  • Turn on two-factor authentication for all sites that support it

The difference, now, is that you should also consider installing Chrome Password Checkup extension.

Leave a Reply