New, free Chrome extension checks for password hacks in real time

Posted on by Fred Langa

Google’s new Password Checkup extension for desktop Chrome automatically checks your passwords, as you use them, against a Google-developed database of some four billion known hacked/stolen logon credentials. (Fig. 1)

Fig. 1: Google’s free Password Checkup for desktop Chrome monitors your passwords in real-time, to see if they’ve been hacked/stolen.

Note that this is not the same as sites like have i been pwned , which check to see if your email address (not passwords) appears in known hacked/stolen databases.

I believe it’s also safer than password-checkers such as Pwned Passwords, that require you to send your actual passwords to the site so that they can be compared to a list of compromised credentials. Although the Pwned Passwords site owners say they take good care to protect the passwords you check there — and I believe them — I’ve still never been comfortable with this: Needlessly transmitting for-real passwords to a third party on the web feels like an extra point of vulnerability, to me.

With the Chrome tool, no new third party is involved. You’re already using Google Chrome to enter your username/password combination anyway, and may even be using Chrome’s built-in password manager. Asking Google to perform a quick, local check, to see if your password is known to hackers, seems to add minimal extra risk with potentially huge benefits.

And yes, the checking is done locally, on your PC; Google says your password isn’t sent to Google’s servers; and that the entire process — including communication with the database of compromised credentials — is masked by encryption. (Wired has a good article with some of the details.)

If you use a good password manager to help generate, keep track of and auto-fill strong, complex passwords; use good password hygiene (e.g. never using the same password on any two sites); and use real-time checking to see if your passwords appear in hacked/stolen databases; your passwords should be about as safe to use as humanly possible.

Permalink: https://langa.com/?p=1946

Want to ask Fred a question? Have a comment? Click here!

Want free notification of new content like this? Click here!

Fred Langa: See the ABOUT link or click here for more info: https://langa.com/index.php/about/

3 Replies to “New, free Chrome extension checks for password hacks in real time”

  1. Pingback: Fred Langa: Use Google’s new Password Checker extension for Chrome to see if your passwords have been compromised @ AskWoody
  2. Pingback: Reader response on: Chrome’s new Password Checker – Langa.com
  3. Pingback: German researchers find flaw in Password Checker – Langa.com

Comment? Question? Reply...?