Google’s Password Checkup aims to protect you against data breaches

Google has launched a new product designed to check the safety of passwords. The tool, called Password Checkup, looks at saved credentials and warns the user if they are present in any leaked databases.

The feature is currently available via the Google Web Dashboard, as well as on Android devices. Google plans to roll out Password Checkup to users of the popular Chrome web browser in late 2019, although it hasn’t specified exactly when.

Password Checkup tool lets users check every password ever saved within Chrome against an expansive database of 4 billion leaked credentials. If it finds a match, Google will alert the user and recommend they urgently change their password.

On Android, Password Checkup works slightly differently. It compares all locally stored passwords against the database–not merely the ones saved with Google.

In recent years, hackers have managed to obtain large quantities of credentials from several major online properties, including LinkedIn, Myspace, and Adobe.

Software development best practices state that any site that holds user details should store passwords in an encrypted format that cannot be read, either by a third-party hacker or even by the site itself. Developers accomplish this through a process called “hashing” and “salting.” Unfortunately, many sites fail to take this necessary precaution.

When hackers attacked the Ancestry.com-owned website RootsWeb in 2015, they escaped with nearly 300,000 email addresses and unencrypted passwords. The site only became aware of the breach in 2017, after it received a tip-off from a security researcher.

Then, in May 2016, hackers posted a stolen LinkedIn database containing over 164 million records to the dark web. The passwords were encrypted, but in a way that was trivially easy to break.

Most people are guilty of reusing passwords across different websites. Security experts warn against it, however, because when a site suffers a data breach, it opens the door to hackers compromising accounts on other websites.

There’s hope Google’s Password Checkup will shape good password hygiene among the wider public by warning them when they’re using insecure passwords and educating them against the risks posed by password reuse.

READ MORE:

H/T ZDNet