Google’s new Chrome extension ‘Password CheckUp’ checks if your username or password has been exposed to a third party breach

Google released a new Chrome extension on Tuesday, called the  ‘Password CheckUp’. This extension will inform users if the username and password that they are currently using was stolen in any data breaches. It then sends a prompt for them to reset their password.

If a user’s Google account credentials have been exposed in a third-party data breach, the company automatically resets their passwords. The new Chrome extension will ensure the same level of protection to all services on the web.

On installing, Password Checkup will appear in the browser bar as a green shield. The extension will then check the login details against a database of around four billion usernames and passwords. If a match is found, a dialogue box prompting users to “Change your password” will appear and the icon will turn bright red.

Source: Google

Password Checkup was designed by Google along with cryptography experts at Stanford University, keeping in mind that Google should not be able to capture a user’s credentials, to prevent a “wider exposure” of the situation. Google’s blog states “We also designed Password Checkup to prevent an attacker from abusing Password Checkup to reveal unsafe usernames and passwords.”  

Password Checkup uses multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding to achieve encryption of the user’s credentials.

You can check out Google’s blog for technical details on the extension.

Google Chrome announces an update on its Autoplay policy and its existing YouTube video annotations
Meet Carlo, a web rendering surface for Node applications by the Google Chrome team
Google Chrome 70 now supports WebAssembly threads to build multi-threaded web applications