Leaked usernames and passwords – Google Chrome extension to the rescue

Google has released a new Chrome extension named “Password Checkup” that checks whether username and password combinations entered in login forms have been leaked online during past data breaches and security incidents.

Password breaches are an unfortunately common occurrence, but so long as you’re using a unique password for each website it’s normally fairly simple to deal with. Just change the login credentials used with the breached website, and move on. Unfortunately, when massive breaches like Collection #1 compromise so many different passwords, it can be impossible to know which of yours are still safe. That’s where Google’s new extension comes in.

Since Password Checkup relies on sending your confidential information to Google, the company is keen to emphasize that this information is encrypted, and that it has no way of seeing your data. Passwords in the database are stored in a hashed and encrypted form, and any warning that’s generated about your details is entirely local to your machine.

Google isn’t the only company to offer such a service. 1Password’s robust password manager includes Watchtower integration to compare your passwords against Have I Been Pwned’s database of breached credentials. Google’s extension is free and you can use Chrome’s built-in password generator to generate a new password if you find one of yours has been compromised.

While it sounds like a useful extension, ultimately Password Checkup further underlines how terrible passwords are as a means of keeping your accounts secure. Standards like WebAuthn, which replaces your password with a hardware token that only you have access to, are promising, but so few sites currently support the standard that it’s not really viable for widespread use. Two-factor authentication is another useful layer of security, but it too has limitations.

So for the time being we’re going to repeat the same advice we give every time we talk about passwords. 

You should

  • use a password manager
  • use a unique password for every site
  • change any affected passwords the moment you hear about a breach
  • turn on two-factor authentication for all sites that support it

The difference now is that you should also consider installing the Password Checkup extension for Chrome.