New Google Chrome extension warns you if your login is compromised


Google wants to help keep users' online accounts safe and is providing two new tools for it.

The search giant said in a Feb. 5 post that it has released a new Chrome extension, called Password Checkup, to help protect its accounts from data breaches by telling them if their login credentials have been compromised.

Google has also launched a new "Cross Account Protection" tool for sites that require you to sign in to Google.

The company informs you that you know more than 4 billion compromised credentials, and the extension will let you know if your credentials match any of the compromised logins.

The Mountain View-based company says it designed Password Checkup to be actionable. When a user receives an alert about compromised credentials, he does not just tell you; it prompts you to change your password.

Google says that this is usually the best way to protect an insecure account, and while other data such as addresses and phone numbers can be compromised, it focuses on alerting usernames and passwords.

In addition, the company says it wants to avoid "alert fatigue" by simply telling users if all the information needed to access an account falls into the hands of an attacker. For example, it will warn you if your current username and password appear in a violation, which represents the greatest security risk.

Google Password Checkup

For those concerned about privacy, Google says not to worry. Privacy was at the heart of the password verification design. The search giant says it created the extension so that it could not see the information but also ensured that the attackers did not abuse it to reveal usernames and passwords that were unsafe.

To learn more about the privacy aspect, you can read about the internal workings of password verification on this Google blog.

Along with Password Verification, Google's new cross-protection feature allows Google to send information about security events to sites that implement the service.

Google Cross Account Protection

Google says it only shares if the event happened and necessary information like someone invaded your account or you were asked to sign in again due to suspicious activity. In addition, this information is only shared with applications that you sign in to Google.

In both cases, the services are relatively new and Google will work to improve and refine them over time. Cross Account Protection will begin working with applications and sites that support it. As for the password verification extension, it's available for download in the Chrome Web Store for free.

Source: Google


Source link