Freddie Lore

Google launches Password Checkup, a Chrome extension that alerts you if your login information appear in a data breach known to Google.

Several months ago, the internet is awash with news of data breaches and scandals perpetrated by bounty hunters, ransomware and bored security scientists. A handful of apps and services have been affected including Yahoo, Spotify, Netflix, Facebook among others.

The incident expectedly sparked outrage, prompting tech companies to revisit and beef up their cybersecurity and alert its millions of users to change their passwords immediately.

Yours truly wasn't spared from these leaks. A few months ago I discovered that my Spotify account had been used somewhere by a device I don't recognize, which fortunately had been patched up by Spotify. And of all the horrors of data leaks affecting my own personal account, the one that takes the cake: I discovered that my Gmail login information was publicly being dumped in a public domain for everyone to see.

That's where I began to take a serious look and acknowledged that there was indeed a data breach going on, prompting me to add few more security layers to all my online accounts including setting up two-factor authentication (2FA). Lucky to those who constantly monitor their online activities, but for those uninformed users who remained clueless of their exposed credentials, they might be in big trouble.

And that's what inspires Google to launch Password Checkup, a Chrome extension that alerts you when your passwords are no longer safe and prompts to re-secure your account.

How does it work?

As soon as you install Password Checkup from Chrome web store, every time you sign in to any sites, a hashed and encrypted copy of your login information are sent to Google in the background and it alerts you when your username and password are publicly exposed on the web. Password Checkup will then prompt you to reset your password immediately if it's deemed unsafe to use.

How does Google know if my passwords are no longer safe?

Google keeps a copy of virtually any dumped usernames and passwords publicly accessible online. And that makes it possible for Password Checkup to do a quick lookup against Google's internal database of around four billion usernames and passwords crawled from popular dumping sites like Pastebin and Github.

Google's Password Checkup is not the first of its kind that helps you identify if your accounts have been compromised. Popular password manager app 1Password previously gets Watchtower integration that compares your credentials against Have I Been Pwned's database.