Google Releases Password Checkup for Chrome

Posted on February 5, 2019 by Paul Thurrott in Cloud with 12 Comments

Google has released a new Chrome extension that will help you protect your accounts from third-party data breaches.

“We help keep your Google Account safe by proactively detecting and responding to security threats. But we want to provide you with the same data breach protections for your accounts, beyond just Google apps and sites,” a new post to Google’s The Keyword blog notes. “This is where the new Password Checkup Chrome extension can help. If we detect that a username and password on a site you use is one of over 4 billion credentials that we know have been compromised, the extension will trigger an automatic warning and suggest that you change your password.”

If you do sign-in to a website with credentials that are known to have been compromised, Password Checkup will alert you to this and prompt you to change the password to prevent an account hacking.

“We built Password Checkup so that no one, including Google, can learn your account details,” the firm explains. “To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University.”

Google also notes that it is addressing those times in which an attacker does make its way into your account via an app. A new tool called Cross Account Protection will trigger notifications for security events like account hijacking so that you can be better protected.

“We’ve designed the security events to be extremely limited to protect your privacy,” Google says. “We only share the fact that the security event happened. We only share basic information about the event, like whether your account was hijacked, or if we forced you to log back in because of suspicious activity. And we only share information with apps where you have logged in with Google.”

Tagged with ,

Join the discussion!


Don't have a login but want to join the conversation? Become a Thurrott Premium or Basic User to participate

Comments (12)

12 responses to “Google Releases Password Checkup for Chrome”

  1. dontbe evil

    nice...just I don't trust google

    • bill_russell

      In reply to dontbe_evil:

      Not to come across as a shill but Google has earned my trust (whatever 'trust' means to you is up to you) as much as I think any website/service can. You just look at a company's business model and how much they have to lose if they were found to be sloppy with data that is expected to be secured, for example on Google Drive. That is where my definition of "trust" comes from. Google still makes most revenue not from "spying" or "sellling your data" but simply from searches in adwords. Yes they supplement that with some adsense targeted ads on sites but they do not have to strongly depend on that sort of thing as Facebook does. I belive Google is good about carefully trying to organically integrate "targeted ads" into their properties when/if the time is appropriate, for example maybe in Maps, . This is only done if it makes sense to equally benefit the user experience and not blantantly cram ads into every nook and cranny they can to make a quick buck. Sure you can give me some examples where they have made mistakes but no company is perfect.

  2. BigM72

    This is a standard feature of many password managers already?

    I guess it's mainly targeted at people who use Chrome's in-built password manager (or none at all) rather than a third party one.

  3. JCerna

    I tried it and it already nagged at me for what was not a password, so I removed it. Lastpass already alerts me also so, ignore.

  4. dcdevito

    Every now and then, Google does a good thing for us.

  5. fbman

    Yes, Only google may mine your data.

    Thats why I rather stick with Firefox, no google data mining.. I dont even have a gmail account.

  6. spacein_vader

    HaveIBeenPwned and various password managers that use its API already do this.

  7. harmjr

    Does google make an easy place for us the end user to go and see the same data?

    I think that would be nice.

  8. RickR

    I wonder how it will integrate with LastPass? It may end up a redundant feature who's main purpose is to show, how, Google cares.