In September 2018, Starwood, part of the Marriott hotel chain, discovered that Chinese hackers had compromised the personal data of half a billion of its guests. This example is just one of several major data breaches that occurred last year.
Other high-profile organizations that were hacked in 2018 include Facebook, Google, Under Armour and T-Mobile. Although data is still being collected, more than 1200 data breaches from last year have been reported so far, exposing nearly 560 million records. Just last month, web security expert Troy Hunt revealed a data set called Collection #1 that contains more than one billion unique email/password combinations made publicly available on a cloud service.
Google’s new Chrome extension Password Checkup is designed to battle these data breaches with “prevention, detection, and mitigation.”
Password Checkup does this one password at a time by unobtrusively cross-referencing user credentials against an encrypted database of more than 4 billion credentials that are known to be unsafe. If a user’s credentials have been compromised, they are instantly alerted to the issue and advised to change their password.
Unlike a password manager, Password Checkup does not evaluate the quality of a password or identify whether other accounts use the same password; it simply warns the user of known breaches.
In order to protect the identities of Password Checkup’s users, the extension employs an encryption method developed in conjunction with Stanford University. When a user enters their username and password combination, Password Checkup uses “multiple rounds of hashing, k-anonymity and private set intersection with blinding” to ensure the user’s identity is never actually revealed to Google.
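The blinded lookup described above can be sketched as follows; this is an added illustration, not Google's code or the extension's actual parameters. The toy modular group, the single SHA-512 call standing in for the multiple rounds of hashing, the 2-byte username prefix and all names (`Server`, `check`, `bucket_prefix`) are assumptions made for the example.

```python
import hashlib
import math
import secrets

# Toy group: integers modulo the Mersenne prime 2**521 - 1. Chosen for
# readability only; it is an assumption, not the extension's real parameters.
P = 2**521 - 1

def hash_to_group(username: str, password: str) -> int:
    """Map a credential pair to a non-zero element modulo P."""
    digest = hashlib.sha512(f"{username}\x00{password}".encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1

def bucket_prefix(username: str) -> bytes:
    """k-anonymity: a 2-byte hash prefix shared by many unrelated usernames."""
    return hashlib.sha256(username.encode()).digest()[:2]

def random_exponent() -> int:
    """Pick a secret exponent that is invertible modulo P - 1."""
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e

class Server:
    """Holds breached credentials, stored only as H(cred)**b, grouped by prefix."""
    def __init__(self, breached):
        self._b = random_exponent()
        self._buckets = {}
        for user, pw in breached:
            blinded = pow(hash_to_group(user, pw), self._b, P)
            self._buckets.setdefault(bucket_prefix(user), set()).add(blinded)

    def lookup(self, prefix: bytes, client_blinded: int):
        """Sees only a prefix and H**a; returns (H**a)**b and the bucket."""
        return pow(client_blinded, self._b, P), self._buckets.get(prefix, set())

def check(server: Server, username: str, password: str) -> bool:
    """Client side: blind, query, unblind, then intersect locally."""
    a = random_exponent()
    blinded = pow(hash_to_group(username, password), a, P)
    double_blinded, bucket = server.lookup(bucket_prefix(username), blinded)
    a_inv = pow(a, -1, P - 1)                       # removes the client's blinding
    return pow(double_blinded, a_inv, P) in bucket  # compares H**b values locally

# Constructed sample data, not real breach records.
SERVER = Server([("alice@example.com", "hunter2"), ("bob@example.com", "letmein")])
```

The server only ever receives the 2-byte prefix and a freshly blinded value, so repeated checks of the same credential look unrelated to it, while the client learns nothing about bucket entries that do not match its own credential.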
To learn more about how Password Checkup works, you can find an explanatory infographic from Google here!