Google released a Chrome extension named ‘Password Checkup’ on the Safer Internet Day (February 5, 2019). This extension checks if usernames and passwords combinations entered in login pages are one of over 4 billion credentials that Google knows to have been previously compromised in data breaches.
This Password Checkup extension was developed jointly with cryptography experts at Stanford University to ensure that Google never learns users username or password and that any breach data stays protected from any exposure.
Password Checkup extension alerts users automatically
This extension works every time a user logs into an online service. The Password Checkup extension checks the username and password entered by the user against the database containing 4 million unsafe credentials and alerts the user automatically to change the password when it detects the credential entered to be unsafe.
This extension does not check passwords alone, but a combination of both usernames and passwords. This implies that Password Checkup will not alert users when they use an unsafe password such as 123456, but only when both the username and password together have been detected to be unsafe and have been previously breached.
The reason behind this extension is that cybercriminals are using username-password combination to perform credential stuffing attacks, trying to gain access to a user account when users have re-used their passwords that might have been breached previously.
Stay safe anywhere on the web
“We want to help you stay safe not just on Google, but elsewhere on the web as well,” Google stated in an official announcement.
“Password Checkup is currently available as an extension for Chrome. Since this is the first version, we will continue refining it over the coming months, including improving site compatibility and username and password field detection,” the official announcement read.