Google’s Password Checkup Plugin Added to the Security Checkup Dashboard

woman using google app on smartphone

Almost all online accounts are secured by a password. The fact that many people reuse their passwords also means that they’re putting themselves at risk. Google has tried to help in this department for a while. The company has set up an online password manager in their browser which can save your passwords. But over the past year, Google has been working on a plugin named Password Checkup. This plugin will now be put front and center in the Security Checkup dashboard.

Secure Passwords

Google is worried about password protection for a reason. Research has shown that 52 percent of people reuse their passwords for several accounts. And even worse, thirteen percent use the same password for every account they have. It is understandable that people reuse passwords. First of all, it’s not that easy to think of a password that is secure and easy enough to remember. And secondly, nowadays you need an online account for almost everything, and it’s hard to keep track of all of these passwords.

Reusing password might seem like the way to go. But it does put your sensitive information at danger. If your password ever gets leaked in a data breach, and you’ve used the same password for all of your accounts, hackers will be able to access all of your information. “We know from other research we’ve done in the past that people who’ve had their data exposed by a data breach are 10 times more likely to be hijacked than a person that’s not exposed by one of these breaches,” said Kurt Thomas, a member of Google’s anti-abuse and security research team.

A password manager is a handy tool to use to keep track of all of these passwords. Google has offered a built-in password manager in Google Accounts on Chrome and Android. This password manager gives you the option to save a password and autofill them on websites the next time you try to log in. And there are many more password managers out there.

Password Checkup Plugin

Over the past years, Google has been working on a tool that actually helps you to create a better password. This tool is the Password Checkup. Whenever you create a new account and set a password for it, the tool checks that login against a database of leaked credentials. So it checks whether the password you want to use hasn’t already been leaked somewhere.

Google has published a blog in which they explain how they check the passwords. Basically, Google stores a hashed version of every known username and password that has been exposed by a data breach. When you try to log in to an account, Google will check a hashed and encrypted version of your login details against that database. Because of the encryption, Google can’t see your details, and you can’t see any of the stored data. If there’s a match you’ll be notified and Google will recommend that you change you password.

In the future, Google wants to be able to send you an email when the Password Checkup has detected that one of your stored logins has been compromised in a data breach. The company plans to launch this feature in the coming months. Google also wants people to be able to use Password Checkup even when they’re not logged into a Google account. This will hopefully happen later this year.

Password Sources

So how does Google get all of these exposed login details? A representative for the company said that Google gets them from “multiple different sources and trusted partners”. Password dumps are often openly shared on underground forums, so the company finds them there as well. The company’s policy is that they will never pay criminals for stolen data, but this data often does find its way to the surface somewhere.

Apple Announcement

Yesterday, Apple announced some new privacy features for the next version of Safari, Apple’s browser. One of these features is a password-monitoring tool similar to Google’s Password Checkup. It detects whether any of your saved passwords have been involved in a data breach. Safari is also getting support for extensions made for other browsers, so you can import your history, bookmarks, and passwords from Chrome.

Cybersecurity analyst
David is a cyber security analyst and one of the founders of Interested in the "digital identity" phenomenon, with special attention to the right to privacy and protection of personal data.