Google releases Password Checkup Chrome Extension to protect accounts from data breaches

Password Checkup Chrome extension checks if username and password combinations entered by users are one of over 4 billion credentials that Google knows to have been previously compromised in data breaches.
The extension is designed to ensure that Google doesn't learn users' passwords and that any breach data stays protected.

Google released a Chrome extension named ‘Password Checkup’ on the Safer Internet Day (February 5, 2019). This extension checks if usernames and passwords combinations entered in login pages are one of over 4 billion credentials that Google knows to have been previously compromised in data breaches.

This Password Checkup extension was developed jointly with cryptography experts at Stanford University to ensure that Google never learns users username or password and that any breach data stays protected from any exposure.

Password Checkup extension alerts users automatically

This extension works every time a user logs into an online service. The Password Checkup extension checks the username and password entered by the user against the database containing 4 million unsafe credentials and alerts the user automatically to change the password when it detects the credential entered to be unsafe.

This extension does not check passwords alone, but a combination of both usernames and passwords. This implies that Password Checkup will not alert users when they use an unsafe password such as 123456, but only when both the username and password together have been detected to be unsafe and have been previously breached.

The reason behind this extension is that cybercriminals are using username-password combination to perform credential stuffing attacks, trying to gain access to a user account when users have re-used their passwords that might have been breached previously.

Stay safe anywhere on the web

“We want to help you stay safe not just on Google, but elsewhere on the web as well,” Google stated in an official announcement.

“Password Checkup is currently available as an extension for Chrome. Since this is the first version, we will continue refining it over the coming months, including improving site compatibility and username and password field detection,” the official announcementread.

Global Locations

Block A, A-25, Second Floor, Sector 3
Noida, Uttar Pradesh+91-120 429 1672+91 931 991 8771

Comments

software development services in noida

Red Securium Company Provide Software Development Service In Noida Combining technological competency with domain expertise, Red Securium offers full spectrum of custom software design, development and deployment services for enterprises and SMEs to achieve exceptional business results. Leveraging on its cross-functional width of expertise in application software development , Red Securium has developed the capabilities to build and run resilient applications at scale that seamlessly infuse your innovative ideas. Whether you are in need of the rapid development of a crucial business application or require the deployment and support for an entire suite of applications, we offer full software lifecycle coverage services. We adopt best practices and put highest levels of expertise to drive your technological assets deliver you business excellence and improved ROI. Custom Software Development Services in Noida Enterpri...

Phishing Campaigns Targeting Google and Yahoo Accounts To Bypassing Two-Factor Authentication Several phishing campaigns targeting hundreds of individuals across the Middle East and North Africa. The attacker targers HRDs, journalists, political actors. Amnesty International published a report on multiple campaigns that traget self-described “secure email” services, such as Tutanota and ProtonMail and another campaign that aimed in bypassing two-factor authentication. Crafted Phishing Sites – Secure Email Providers The phishing campaign primarily targeted popular secure email service providers such as Tutanota and ProtonMail. Threat actors used a well-crafted phishing page – by obtaining the domain tutanota[.]org, whereas the original domain of the service provider is tutanota[.]com. A phishing attack is one of the dangerous social engineering attacks that leads to capture a victim’s username and password that will get store it to an attacker machine and reuse it l...

Community Health Systems agrees to pay nearly $3.1 million as a part of settlement for 2014 data breach

The settlement covers a total of 4.5 million patients impacted in the breach. The cyber attack took place in April and June of 2014 and was orchestrated by a Chinese criminal group. Tennessee-based Community Health Systems has reached a settlement over a 2014 data breach that 4.5 million patients. A proposed amount of $3.1 million has been reached as a part of the settlement in a class action lawsuit filed against the healthcare. What happened? According to court records, the cyber attack took place in April and June of 2014 and was orchestrated by a Chinese criminal group, that solely focused on obtaining intellectual data. The hackers used an advanced malware and exfiltrated a variety of information such as patient names, Social Security numbers, addresses, dates of birth, and phone numbers. However, no credit card details and medical details were affected in the breach. Following the breach, the healthcare firm had notified the patients about the breach. However, the...

Red Securium

Search This Blog