Google is adding security services to the Chrome browser. After months of experimenting with the beta version, Google has finally released the Password Checkup extension and is planning on building this support directly into the browser. This password protection is a data breach notification service which will alert users if credentials were stolen in data breaches.
The protection uses a database of over 4 billion usernames and passwords that were stolen in third party breaches to determine and notify the user to change their credentials.
Since the beta version was released in February, over 650,000 people have used the extension. In just the first month of release, over 316, 000 usernames and passwords were flagged as unsafe out of a set of 21 million scanned credentials.
Further, it was discovered that breached credentials were reused for high priority sites such as financial, government, and email accounts. The top three sites users reused their passwords include shopping, news, and entertainment sites.
When issued a warning, it was found that 26% of users decided to reset their unsecure password and 60% of the new passwords were secure against attacks.
Further, when installed the service alerts users if their usernames and passwords were compromised in a breach. To utilize the extension, the user must first create a Google account and sign in. To see the option for password protection, you need to go to settings and then password manager. A new option will come up that can be turned on to enable the password protection feature. When turned on, a warning will appear if credentials stolen in a data breach is being used. Chrome will display a ‘Data breach reported’ alert with the following message:
“A data breach on a site or app you use exposed your password. Chrome recommends checking your saved passwords now.”
If the credentials you use were exposed at just one site, the alert will specify the site’s name.
It is important to note, that Google has developed the Password Checkup extension to ensure your username and password is not revealed to them.
Contact LIFARS for security managed services today