Chrome Can Tell You if Your Passwords Have Been Compromised

An anonymous reader shares a report: Given the frequency of hacks and data leaks these days, chances are good at least one of your passwords has been released to the wild. A new Chrome extension released by Google today makes it a little easier to stay on top of that: Once installed, Password Checkup will simply sit in your Chrome browser and alert you if you enter a username / password combination that Google "knows to be unsafe." The company says it has a database of 4 billion credentials that have been compromised in various data breaches that it can check against. When the extension detects an insecure password, it'll prompt you with a big red dialog box to immediately update your info. It's handy, but users might wonder exactly what Google can see -- to that end, Google says that the extension "never reveal[s] this personal information."

Old Solution

The correct way to go about it would be to advise users if their password is on known data breaches whether it is associated with the username or not. Otherwise this extension could be used to mine credentials out of whatever database google is using.

interesting...

[CrimsonAvenger]

So, if I try name/password combinations till I get a hit, Google will tell me I've gotten a hit (on someone's account, somewhere).

If it tells me where the UID/Pwd combo exist, I can then change someone's password for them? That could be useful....