To help you protect your accounts from data breaches, Google created the Password Checkup Chrome extension that will alert you if any of your accounts were affected by data breaches.
With hundreds of millions of email addresses and passwords leaked online, and data breaches almost a daily occurrence, it’s become a necessity to resecure your accounts from time to time. But how do you know if your password has been stolen and listed on any illegal databases? Well, there are tools that tell you, but they are not always to be trusted. Google’s new Password Checkup Chrome extension, however, goes a step further and saves you from having to do the dirty work.
Download and activate the extension, and whenever you sign-in and enter a username and password that has been included in a “data breach known to Google” – and is therefore no longer considered to be safe – you will get an alert to reset your password. This obviously also means that if you use the same username/password combinations, for multiple accounts, you should reset those as well.
You can find out more about how Password Checkup works here, but you can rest assured that it has been “built with privacy in mind,” and therefore “never reports any identifying information about your accounts, passwords, or device.”
As Jennifer Pullman, Kurt Thomas, and Elie Bursztein, who are part of Google’s Security and Anti-abuse research team, explain:
“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.”