Google launches Password Checkup feature, will add it to Chrome later this year

Google launched today a new service called Password Checkup that will check a user's saved passwords if they've been leaked and compromised in breaches at other services.

The service is currently available for the Google web dashboard and Android devices, but will also be added to the Chrome browser later this year.

On the web, Password Checkup will be available at passwords.google.com. If Chrome users ever choose to use a Google account with the Chrome browser and then saved passwords in Chrome, this is the website where those passwords are synced to.

The passwords.google.com website has been around for a while but has only been known to Chrome power users. But starting today, Google wants all Chrome users to consider it the company's official "password manager."

Here is where they'll be able to see a list of all the passwords they've ever saved in Chrome, and also access the new Password Checkup feature.

To use the new feature, a new button that says "Check Passwords" will be available. Once pressed, Google will take all the user's passwords and check them against an internal database of over four billion user credentials that have been leaked online via breaches at other companies.

If a username & password combo is found in this database, Google will warn the user that they need to change the password for that account, as they're at risk of having the account hijacked by hackers.

On Android devices, the Password Checkup feature takes all the account details saved on a device and checks them against the same Google internal database. Users can access Password Checkup on their device via the official "Google" Android app.

The Password Checkup feature is based on an eponymously named Chrome extension that Google launched in February, which allowed users to test their locally saved Chrome passwords for any leaked credentials.

But while the extension worked great, Google also plans to add Password Checkup inside Chrome itself later this year. Currently, the feature is already available in Chrome Canary, the Chrome version where the company tests feature before they enter the Chrome Beta and Chrome Stable release cycle.

To enable Password Checkup in Chrome Canary, users must navigate to the chrome://flags section and enable the "Password Leak Detection" feature (chrome://flags/#password-leak-detection).

When this feature is enabled, a new option appears in the Chrome Settings panel, in the Passwords section.

The upcoming Chrome Password Checkup feature won't work unless users have chosen to use a Google account as a Chrome profile.

This should quench any users' fears that "Google is scanning Chrome passwords without permission," as the feature won't work unless users specifically sign into Chrome with a Google account, and sync passwords.

Google's push towards improving password security is part of the company's broader plan of bolstering the security of its entire service.

Online accounts are all interconnected through thin wires -- namely usernames and passwords. Password reuse can often lead from the compromise of an initial account to hacks at multiple services. Google accounts often sit at the center of this web of personal accounts since most people use a Gmail address to register on most of their online services.

Gmail addresses are considered the holy grail of all hacks since if an attacker compromises one, they can use it to reset passwords at multiple other services.

Password reuse has been the easiest way through which attackers jump this web of interconnected accounts, in the hopes of hitting the jackpot -- a Google account or an account with access to financial resources.

One way to prevent this has been to use two-step verification (2SV) or two-factor authentication (2FA) solutions, of which Google has been the main proponent and a driving force over the past few years.

But since the start of the year, and through the launch of the Password Checkup Chrome extension, Google also began pushing for the use of unique passwords, and eradication of password reuse.

And password reuse is a major problem nowadays. A recent survey conducted by Google and The Harris Poll on a sample of 3,419 Americans has shown that users tend to use simplistic passwords, or tend to reuse passwords across accounts to make their lives easier.

source zdnet

Industry: Cyber Security