Chrome alerts on compromised passwords

As with Firefox, Chrome will also alert you when signing in to accounts with compromised passwords. Google is adding a built-in data compromise notification service to Chrome that will alert users when they log into websites with a username and password that are compromised in a hacking attack.

As password leakage has become almost an everyday problem, with users not giving up the habit of using “recycled” passwords. That paved the way to vendors that offer notification services to users when their email addresses and passwords are leaked after a number of incidents.

A new service from Mozilla Firefox

One of the more popular services of its kind is Have and Been Pwned, with which Mozilla collaborates. In partnership with Have and Been Pwned, Mozilla has launched a Firefox Monitor that is integrated into the Firefox browser, so users can utilize this service.

So, Google has also recently launched a new and very similar service via a Chrome extension called Password Checkup, which alerts users after installation if their usernames and passwords are compromised.

Data breach notifications

Using Password Checkup, Google recently conducted a survey that found that 1.5% of all account sign-ins were compromised by data compromise. This study also found that only 26% of users who were notified of compromised data actually changed their password.

Since this study has shown that notifying users of compromised login information is somewhat helpful and could get us to a safer Internet, Google now wants to embed this support directly into Chrome. Although this new feature, called “Password Protect” is now only in the development phase, there are indications that it will work. When the password protection feature is enabled, a new option will appear in the Google Chrome Password Manager that allows you to enable and disable the compromised data detection feature.

For this feature to work, the user must first log in to the browser. When it does, if it tries to log onto the website with compromised data, Chrome will display a “Data breach reported” alert. If your username and password are compromised for a specific site or app, Chrome will also let you know what site or app it is about.

It is currently unknown what the “Check Passwords” button will do, but it is possible that it will lead the user to a page describing an incident where data has been compromised and where a stronger password is recommended.
And for business users, Google intends to add the “PasswordLeakDetectionEnabled” option, which will allow administrators to disable the password protection feature in Chrome if needed.
It sounds and probably will be a very useful extension, but what is more important to underline, services like Password Checkup shows us how actually terrible passwords are as a means of keeping your accounts secure. Replacing your password with a hardware token that only you have access to, is a somewhat promising solution, but they aren’t really viable for widespread use. Another method is the two-factor authentication, as another useful layer of security. But it is also considered to have too many limitations.

So, for the time being, we’re going to repeat the same advice we give every time we talk about passwords. You should use a unique password for every site, you should change any affected passwords the moment you hear about a breach, and you should turn on two-factor authentication for all sites that support it. But now, more solutions are opening for you. Why not consider installing Chrome Password Checkup extension or already mentioned Mozilla solution? Be safe.