{"id":1946,"date":"2019-02-07T07:00:43","date_gmt":"2019-02-07T12:00:43","guid":{"rendered":"https:\/\/langa.com\/?p=1946"},"modified":"2019-02-06T12:48:54","modified_gmt":"2019-02-06T17:48:54","slug":"new-free-chrome-extension-checks-for-password-hacks-in-real-time","status":"publish","type":"post","link":"https:\/\/langa.com\/index.php\/2019\/02\/07\/new-free-chrome-extension-checks-for-password-hacks-in-real-time\/","title":{"rendered":"New, free Chrome extension checks for password hacks in real time"},"content":{"rendered":"\n

Google’s new Password Checkup<\/a> extension for desktop Chrome automatically checks your passwords, as you use them, against a Google-developed database of some four billion known hacked\/stolen logon credentials. (Fig. 1)<\/p>\n\n\n\n

\"\"
Fig. 1: Google’s free <\/strong><\/em>Password Checkup<\/strong> for desktop Chrome monitors your passwords in real-time, to see if they’ve been hacked\/stolen<\/strong><\/em>.<\/figcaption><\/figure><\/div>\n\n\n\n

Note that this is not the same as sites like have i been pwned <\/a>, which check to see if your email address<\/strong><\/em> (not passwords<\/strong><\/em>) appears in known hacked\/stolen databases.<\/p>\n\n\n\n

I believe it’s also safer than password-checkers such as Pwned Passwords<\/a>, that require you to send your actual passwords to the site so that they can be compared to a list of compromised credentials. Although the Pwned Passwords site owners say they take good care to protect the passwords you check there — and I believe them — I’ve still never been comfortable with this: Needlessly transmitting for-real passwords to a third party on the web feels like an extra point of vulnerability, to me.<\/p>\n\n\n\n

With the Chrome tool, no new third party is involved. You’re already using Google Chrome to enter your username\/password combination anyway, and may even be using Chrome’s built-in password manager<\/a>. Asking Google to perform a quick, local check, to see if your password is known to hackers, seems to add minimal extra risk with potentially huge benefits.<\/p>\n\n\n\n

And yes, the checking is done locally, on your PC; Google says your password isn’t sent to Google’s servers; and that the entire process — including communication with the database of compromised credentials — is masked by encryption. (Wired has a good article<\/a> with some of the details.)<\/p>\n\n\n\n

If you use a good password manager to help generate, keep track of and auto-fill strong, complex passwords; use good password hygiene (e.g. never using the same password on any two sites); and use real-time checking to see if your passwords appear in hacked\/stolen databases; your passwords should be about as safe to use as humanly possible.<\/p>\n\n\n\n

Permalink: <\/em><\/strong>https:\/\/langa.com\/?p=1946<\/em><\/strong><\/a><\/p>\n\n\n\n

\n\n\n\n

Want to ask Fred a question? Have a comment? Click here!<\/a><\/strong><\/p>\n\n\n\n

Want free notification of new content like this? Click here<\/a>!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"

Google’s new Password Checkup extension for desktop Chrome automatically checks your passwords, as you use them, against a Google-developed database of some four billion known hacked\/stolen logon credentials. (Fig. 1) Note that this is not the same as sites like have i been pwned , which check to see if your email address (not passwords) appears…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[28,10,5],"tags":[],"class_list":["post-1946","post","type-post","status-publish","format-standard","hentry","category-browsers","category-science-and-tech","category-windows"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/paaiox-vo","jetpack-related-posts":[{"id":1957,"url":"https:\/\/langa.com\/index.php\/2019\/02\/08\/reader-response-on-chromes-new-password-checker\/","url_meta":{"origin":1946,"position":0},"title":"Reader response on: Chrome’s new Password Checker","author":"Fred Langa","date":"2019-02-08","format":false,"excerpt":"Wow! Yesterday\u2019s item, \u201cNew, free Chrome extension checks for password hacks in real time\u201d generated a ton of replies\u2026 and questions! For example, over on the AskWoody lounge, a number of readers expressed concerns about explicitly asking a Google product to examine your passwords. As I explained there, I completely\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1961,"url":"https:\/\/langa.com\/index.php\/2019\/02\/09\/german-researchers-find-flaw-in-password-checker\/","url_meta":{"origin":1946,"position":1},"title":"German researchers find ‘flaw’ in Password Checker","author":"Fred Langa","date":"2019-02-09","format":false,"excerpt":"Reader Doug* sent in this report\u00a0after\u00a0reading, \u201cNew, free Chrome extension checks for password hacks in real time.\u201d \"Fred ...found this in a forum.....a security flaw in the Password Checker extension...from Google...unfortunately it is in German....but perhaps you can further research the security flaw:https:\/\/www.kuketz-blog.de\/chrome-add-on-password-checkup-uebermittelt-domainname\/andhttps:\/\/www.deskmodder.de\/blog\/2019\/02\/06\/password-checkup-google-uebermittelt-doch-nicht-alles-verschluesselt\/ \" Thanks, Doug! Yes, a German researcher\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3413,"url":"https:\/\/langa.com\/index.php\/2019\/09\/13\/how-should-i-check-the-authenticity-of-a-password\/","url_meta":{"origin":1946,"position":2},"title":"“How should I check the authenticity of a password?”","author":"Fred Langa","date":"2019-09-13","format":false,"excerpt":"(Answer requested by Aditya Verma) If you really mean \u201cauthenticity,\u201d that\u2019s a programmatic question, and I can\u2019t help you: You\u2019ll need to hire someone (or learn yourself) to compare whatever password you\u2019re trying to authenticate to whatever database or algorithm or other authentication-source you specify. But if you mean you\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3581,"url":"https:\/\/langa.com\/index.php\/2019\/10\/10\/how-many-passwords-do-you-keep-for-smartphones-laptops\/","url_meta":{"origin":1946,"position":3},"title":"“How many passwords do you keep for smartphones & laptops?”","author":"Fred Langa","date":"2019-10-10","format":false,"excerpt":"(Answer requested by Byron Inductivo) I currently have over 700 passwords in use, but I only have to remember one. I use a password manager on all my devices: I only have to remember the password-manager's own master password. Once I enter that, the software takes over. When I encounter\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3851,"url":"https:\/\/langa.com\/index.php\/2019\/12\/04\/can-i-erase-all-of-my-passwords-from-all-the-sites-that-require-one\/","url_meta":{"origin":1946,"position":4},"title":"“Can I erase all of my passwords from all the sites that require one?”","author":"Fred Langa","date":"2019-12-04","format":false,"excerpt":"(Answer requested by Chris Blood-Smyth) You mean all at once, on the web? Nope. You can delete your local copies of passwords, if you've stored them on your system (e.g. you can uninstall or delete or zero out your password manager). But you cannot automatically delete your passwords from all\u2026","rel":"","context":"In "A reader asks..."","block_context":{"text":"A reader asks...","link":"https:\/\/langa.com\/index.php\/category\/a-reader-asks\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":5862,"url":"https:\/\/langa.com\/index.php\/2021\/09\/27\/share-browsers-without-sharing-their-stored-passwords\/","url_meta":{"origin":1946,"position":5},"title":"Share browsers without sharing their stored passwords","author":"Fred Langa","date":"2021-09-27","format":false,"excerpt":"Browser-based password managers have an obvious vulnerability on shared PCs: anyone with access to the browser might also have access to all its stored passwords! Today\u2019s lead item discusses two separate ways to prevent unwanted password sharing. One is extremely secure but takes a little time to set up; the\u2026","rel":"","context":"In "AskWoody Plus"","block_context":{"text":"AskWoody Plus","link":"https:\/\/langa.com\/index.php\/category\/askwoody-plus\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2021\/09\/Langa-2021-09-27-fig-2.jpg?fit=562%2C500&ssl=1&resize=350%2C200","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2021\/09\/Langa-2021-09-27-fig-2.jpg?fit=562%2C500&ssl=1&resize=350%2C200 1x, https:\/\/i0.wp.com\/langa.com\/wp-content\/uploads\/2021\/09\/Langa-2021-09-27-fig-2.jpg?fit=562%2C500&ssl=1&resize=525%2C300 1.5x"},"classes":[]}],"jetpack_likes_enabled":false,"_links":{"self":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1946","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/comments?post=1946"}],"version-history":[{"count":5,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1946\/revisions"}],"predecessor-version":[{"id":1953,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/posts\/1946\/revisions\/1953"}],"wp:attachment":[{"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/media?parent=1946"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/categories?post=1946"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/langa.com\/index.php\/wp-json\/wp\/v2\/tags?post=1946"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}