New Chrome extension warns users their login credentials have been breached
February 5, on Safer Internet Day, Google launched a new service that has been designed to alert users when they use an exact combination of username and password for any website that has previously been exposed in any third-party data breach.
While Google already resets passwords of user accounts who might have been affected by third-party breaches as part of an effort to limit the potential security impact on its users' accounts, this feature is limited only to Google accounts.
The new service, which has initially been made available as a free Chrome browser extension called Password Checkup, works by automatically comparing the user's entered credential on any site to an encrypted database that contains over 4 billion compromised credentials. If the credentials are found in the list of compromised ones, Password Checkup will prompt users to change their password.
Wondering if Google can see your login credentials? No, the company has used a privacy-oriented implementation that keeps all your information private and anonymous by encrypting your credentials before checking them against its online database.
Moreover, it is not yet another "weak password warning tool" that alerts users whenever they use a commonly used or easily crackable password for any website. "We designed Password Checkup only to alert you when all of the information necessary to access your account has fallen into the hands of an attacker," Google says.
Google is not the first one to provide this kind of service. Mozilla introduced their Firefox Monitor platform on September 25, 2018, a service which uses Troy Hunt’s "Have I Been Pwned" database of email addresses affected by data breaches. The difference between Google's Password Checkup and Firefox Monitor is that the latter will notify you of a breach that contained your email if the website has been breached during the past 12 months. Therefore, you will not know your account has been part of a breach until you visit the affected website.