- Apple TV’s ‘Servant’ will make you scared of reborn dolls 2 Months Ago
- Lindsey Graham roasted for turning his back on a veteran 2 Months Ago
- Scooter Braun asks Taylor Swift for ‘resolution’ after allegedly getting death threats 2 Months Ago
- ‘Frozen 2’ plays it safe and lacks the magic of the original 2 Months Ago
- Graphic video shows police pinning man face-down in subway station 2 Months Ago
- Mini-documentary shows Trump supporters clashing at Denny’s Today 11:52 AM
- Here’s why ‘Furry and Proud’ is trending on Twitter Today 11:16 AM
- Sacha Baron Cohen calls tech giants the ‘greatest propaganda machine in history’ Today 11:04 AM
- ‘Resistance Reborn’ is a must-read before ‘The Rise of Skywalker’ Today 10:14 AM
- Stephen Miller should be fired, more than 100 lawmakers say Today 9:56 AM
- YouTube star Bretman Rock goes off on fans who wanted selfies during his dad’s funeral Today 9:14 AM
- The U.S. Army is reevaluating its use of TikTok after security concerns Today 8:45 AM
- Nurse’s TikTok video accused of being insensitive to patient trauma Today 8:16 AM
- The tweet showing a man talking to a woman in a club is gone but not forgotten Today 8:00 AM
- Netflix’s ‘The Knight Before Christmas’ is gosh-darned hopeful Today 7:30 AM
Google has launched a new product designed to check the safety of passwords. The tool, called Password Checkup, looks at saved credentials and warns the user if they are present in any leaked databases.
The feature is currently available via the Google Web Dashboard, as well as on Android devices. Google plans to roll out Password Checkup to users of the popular Chrome web browser in late 2019, although it hasn’t specified exactly when.
Password Checkup tool lets users check every password ever saved within Chrome against an expansive database of 4 billion leaked credentials. If it finds a match, Google will alert the user and recommend they urgently change their password.
On Android, Password Checkup works slightly differently. It compares all locally stored passwords against the database–not merely the ones saved with Google.
In recent years, hackers have managed to obtain large quantities of credentials from several major online properties, including LinkedIn, Myspace, and Adobe.
Software development best practices state that any site that holds user details should store passwords in an encrypted format that cannot be read, either by a third-party hacker or even by the site itself. Developers accomplish this through a process called “hashing” and “salting.” Unfortunately, many sites fail to take this necessary precaution.
When hackers attacked the Ancestry.com-owned website RootsWeb in 2015, they escaped with nearly 300,000 email addresses and unencrypted passwords. The site only became aware of the breach in 2017, after it received a tip-off from a security researcher.
Then, in May 2016, hackers posted a stolen LinkedIn database containing over 164 million records to the dark web. The passwords were encrypted, but in a way that was trivially easy to break.
Most people are guilty of reusing passwords across different websites. Security experts warn against it, however, because when a site suffers a data breach, it opens the door to hackers compromising accounts on other websites.
There’s hope Google’s Password Checkup will shape good password hygiene among the wider public by warning them when they’re using insecure passwords and educating them against the risks posed by password reuse.
- Google+ to start deleting account data on April 2
- Apple attempts to fix its messy iOS 13 rollout with new update
- How to update Google Chrome—and why you need to right now