Slashdot Mirror

← Back to Stories (view on slashdot.org)

Chrome Can Tell You if Your Passwords Have Been Compromised (engadget.com)

Posted by msmash on from the how-about-that dept.

An anonymous reader shares a report: Given the frequency of hacks and data leaks these days, chances are good at least one of your passwords has been released to the wild. A new Chrome extension released by Google today makes it a little easier to stay on top of that: Once installed, Password Checkup will simply sit in your Chrome browser and alert you if you enter a username / password combination that Google "knows to be unsafe." The company says it has a database of 4 billion credentials that have been compromised in various data breaches that it can check against. When the extension detects an insecure password, it'll prompt you with a big red dialog box to immediately update your info. It's handy, but users might wonder exactly what Google can see -- to that end, Google says that the extension "never reveal[s] this personal information."

4 of 90 comments (clear)

  1. So, how does it work? by Anonymous Coward · · Score: 4, Insightful

    How does it work? Does it keep a local database of 4 billion compromised credentials and checks against them? Or, let me guess, it uploads all of my passwords to a Google-controlled server to check if they are secure? Hmm, I wonder what could go wrong with this plan.

    1. Re:So, how does it work? by thegarbz · · Score: 3, Insightful

      Let's try this experiment. But for real.

      I use Chrome on a work computer. I log in to some web sites and Chrome conveniently remembers my passwords for those sites.

      Last April I get a shiny new Google Pixelbook. (think: glorified web browser with 8 GB, core i5 and 128 GB SSD -- unless you put it in developer mode effectively rooting it so it can do useful things)

      Using the Pixelbook (which is Chrome OS, of course, and thus Chrome), I am able to go to my favorite web sites, and -- like magic! -- Chrome conveniently knows my login credentials to those sites.

      Hmmm didn't work for me. But then I didn't enable the completely optional feature of password synchronisation which is literally the second setting in Chrome underneath where you select your Google account.

  2. Give me all your passwords by rtkluttz · · Score: 2, Insightful

    I'll monitor my own shit thank you. I trust YOU (Google) even less than the bad guys.

    --
    Digital is, by definition, imperfect. Analog is the way to go.
  3. Re:interesting... by Anonymous Coward · · Score: 2, Insightful

    Somebody could put in the effort to do that, or they could go the much easier route of using the original password dumps found on various nefarious websites.