Reader response on: Chrome’s new Password Checker

Wow! Yesterday’s item, “New, free Chrome extension checks for password hacks in real time” generated a ton of replies… and questions!

For example, over on the AskWoody lounge, a number of readers expressed concerns about explicitly asking a Google product to examine your passwords.

As I explained there, I completely understand the reluctance to invite third parties into your password-management!

But using Password Checker really doesn’t mean adding a third party. Password Checker works only in Google Chrome; which means that — for good or ill — you’re already deep in the Google ecosystem.

If Google really wanted your username/password/site information, they wouldn’t have to create an app to trick you into revealing it: They could get it from Chrome itself; or Chrome’s built-in password manager; or Chrome’s auto-fill; Chrome’s page caching; Chrome’s URL- and page- prediction; Google’s public  DNS service, etc. etc. etc….

I just don’t see how the Password Checker adds any new, special, additional hazard; especially given the amount of security-related information that Google has released about it (including some new detail posted after I wrote my original article).

To the level of detail provided, it really looks to me that Google has gone to considerable lengths to ensure that your username/passwords aren’t put at risk by the Password Checker.

And here’s the thing: Google’s in the business of selling ads. It wants to know what interests you, and where you spend money, so it can target you with focused ads.

Google doesn’t want your passwords — what on earth would it do with them? But Google does want your demographics. If Password Checker makes using Chrome a little safer, you may be more inclined to use and stay with Chrome, which provides Google with the demographics it’s really after.

If that creeps you out, I understand. But note that Password Checker is the least of your worries. Rather, you’ll need to avoid all other Google products — and in fact, all products from companies that target you with ads — too!


Do password managers get along with Password Checker?

Separately, reader Chuck Ridgley asks:

“How does Chrome Password Checker work with LastPass?”

I’ve heard of no problems with LastPass or any other password-manager/form-filler software.

I personally use Roboform with Password Checker, and both appear to be functioning normally in every way, with zero conflicts or interference in either direction.

It makes sense that they’d get along: Password Checker and password-managers are doing different things, in parallel.

Both are triggered by a Chrome login-form. Regardless of how the login info is entered — manually by typing, or automatically by a password-manager — Chrome itself then sends your username/password to whatever site you’re logging into; quite separately and independently, the Chrome Password Checker extension looks to see if your password is among the four billion known-compromised credentials. There’s not a lot of ways for the two operations to step on each other’s toes.

So: To the very best of my knowledge, the Password Checker works fine with password-manager software.


More on Password Checker tomorrow. Thanks to all who wrote in!

Permalink: https://langa.com/?p=1957


Want to ask Fred a question? Have a comment? Click here!

Want free notification of new content like this? Click here!

Comment? Question? Reply...?