Click to Skip Ad
Closing in...

Google Chrome can now tell you if your passwords were hacked

Published Feb 5th, 2019 11:35AM EST
Google Password Checkup
Image: Valentin Wolf/imageBROKER/Shutterstock

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

February 5th, 2019 happens to be Safer Internet Day, and Google is celebrating by releasing an awesome security tool that’s available right away for all Chrome browser users. What does it do? It looks at the username and password combinations you’re using to sign into various online services and warns you if the data is already in the possession of hackers. In other words, the Password Checkup Chrome extension will tell you when you need to change your password and every single person who uses Chrome should install it immediately.

In light of the recent Collection hacks, the news that Google’s password checking tool can compare your username/password combos against a database containing more than four billion leaked credentials is great. And before you worry that your passwords need to travel the internet to Google’s servers to perform the check, you should know that Google’s security team worked with cryptographers at Stanford University to ensure that Google never learns any of your usernames and passwords, and that any breach data stays safe from wider exposure.

Image source: Google

Once installed, the Password Checkup tool will monitor all your logins and trigger warnings once a positive match comes up. What’s great about the tool is that it should work with your current password manager if you use one (you really, really should be using one). Also, considering that the warning comes as soon as you’ve logged into an account, you’ll be able to change the password immediately — and you should do so once the warning arrives.

Google says it won’t bother you about outdated passwords that you may have reset or dumb passwords you might be using, like 123456 as long as they do not appear in a data breach. Of note, Google will collect some anonymous data from your Password Checkup usage, including “the number of lookups that surface an unsafe credential, whether an alert leads to a password change and the web domain involved for improving site compatibility.”

As for the actual password-matching trickery that goes on behind the scenes, Google explains that the actual password matching happens locally and Google will never know the username/password you’re using. The following infographic, explains exactly what the Password Checkup tool does from the moment you input your password to the moment it warns you to change it:

Image source: Google
Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.