Password Checkup extension on Chrome takes care of password safety

Google released a new feature which allows protecting sensitive data and passwords

Google released the Password Checkup extension to protect users sensitive data on Google Chrome

Not so long ago Google together with Stanford University researchers presented a new security feature for the Google Chrome web browser. The feature comes in a form of an extension for desktop computers which, after being added to the Chrome, takes care of user's passwords. The extension, which we highly recommend trying, is known as “Password Checkup”.

What the tool does is checking all passwords for any misuse. The Password Checkup extension places the password in third-party pages and tries to find out if it has been involved in data exposure or similar events. If something suspicious is detected, the user receives an alert warning about such activities and is urged to change the password immediately.^[1]

Google ensures users that no one, including the company itself, cannot revise any sensitive details

Those who are worried that extension could use their personal details have been ensured by Google that no sensitive information is revealed to anyone because of cryptography technology. This password protection feature is developed not to allow anyone to access any account data.^[2]

Moreover, the extension is created not to annoy users and avoid warnings if they select simple codes for their passwords. The tool displays a warning only if it finds out that all login information has been involved in some type of breach.^[3]

While trying to be up-to-date, the extension gathers all the information about recent data leakages and similar misleading activities. By doing so, Google company is seeking to make sure that no passwords and other sensitive details are compromised due to data breaches. If you got interested in this feature, you can find it in Chrome Web store.

A closer look to the Password Checkup extension

Taking a deeper look to the Password Checkup reveals that Google needs to generate an entire list of data exposures in order to find all possible links throughout the Internet and warn its users on time:

We use blinding and private information retrieval to search through every unsafe username and password without revealing your account details, or anyone else’s, during the process

Once Google finds some hacked pages, it stores an encrypted and unencrypted version of the data to keep it safe and to include it in the data breach list. This type of data is locked with a specific encryption code and no one can access it. As a result, Google gets some time to search for sensitive information that might have been leaked or misused.^[4] Google services also encrypt all of the user's login details to keep them safe from possible incidents. Additionally, the encryption key can only be found on the user's personal computer.^[5]

After checking all the beforementioned things, the Password Checkup feature investigates user's machine as the last location to check. If something misleading is found, the tool alerts about possible dangers and urges the person to change passwords as soon as possible. An extremely good and important thing is that Google has created the extension in a way that various cybercriminals would not be able to misuse it, so, the company guarantees that it is safe for usage.