PassProtect: This new Chrome Extension warns you if hackers have stolen and leaked your password
Choosing a strong and robust string of characters as your password is an essential aspect of guarding against hackers. However, many still fail to pay heed to this advice and often opt for passwords that are easy to remember, like "starwars" or "12345".
Even if you do take the time to choose a password that is harder to guess, it could still prove to be just as dangerous. Whenever a data breach occurs, the stolen credentials are likely to be posted onto an online cybercriminal forum and eventually make its way around the underground market. For instance, a staggering 1.4 billion username and password combinations were discovered in a 41GB file online, gathered from multiple previous data breaches.
Hackers can easily use these credentials to break into other online accounts. According to Verizon's 2017 Data Breach Investigations report, 81% of hacking-related breaches leveraged either stolen or weak passwords. Consulting firm Deloitte found that reusing compromised passwords or reusing the same weak ones across multiple services and platforms was likely the cause of over 75% of corporate cyberattacks.
Login management firm Okta is looking to solve this issue with a new Chrome browser plug-in named PassProtect for people to verify if their password has been previously leaked.
The tool will automatically check whether your password has been compromised earlier by verifying it against Troy Hunt's Have I Been Pwned? service. If the password entered is found to be a match on the Pwned database, a warning will pop up informing you that the password you just entered has been found in earlier data breaches and is not safe to use.
The tool works whenever a user tries to sign into an online account and also tell you if a password hasn't been changed in a while or is too simple to begin with.
Okta has currently only released the tool for Chrome users but is eventually looking to release a Firefox version and analyze usernames as well.
“The best password is no password at all. Today’s threat actors are targeting the weakest point of your company’s security – your people – and too many are successfully compromising employee accounts due to poor or stolen passwords,” said Okta CEO and co-founder Todd McKinnon said in a statement.