Together with several innovations aimed at increasing user privacy, Google announced a change designed to provide a higher level of protection on the Internet. Google will warn users of weak and compromised passwords.
It’s about updating the Google password manager built-in to Chrome and Android – now it can give an assessment of the strength of passwords stored and used by the user.
If one or the other user password is unreliable, the Password Checkup function reports this, strongly recommending changing it to another. If the same password is used for several accounts or the combination is too simple, the user will also receive a warning.
“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University”, — inform in Google.
Up to this point, password checking worked only through the Google Password Checkup proprietary extension, which was launched in February this year. Now the “Password Verification” section is directly in the Chrome browser.
In the future, functionality will be built by default directly into the Chrome browser, which will greatly simplify the work with the tool.
Passwords are sent for verification in encrypted form, so you should not to worry about security.
“We help keep your Google Account safe by proactively detecting and responding to security threats. For example, we already automatically reset the password on your Google Account if it may have been exposed in a third party data breach—a security measure that reduces the risk of your account getting hacked by a factor of ten”, — reported in Google.
During the check, the data is reconciled with the database of “weak passwords” seen in various types of leaks. Of course, Google intends constantly update the database, drawing information from various sources, including darkweb.
Previously, Google said that reconciliation is carried out basing on 4 billion accounts.
According to Google, since launching the Password Checkup extension for the Chrome browser has been downloaded more than a million times, approximately half of users have received notifications that third parties have stolen their passwords.
In this context, it will be appropriate to recall the similar service Have I Been Pwned, developed by Australian cyber security specialist Troy Hunt. With it, users can check if their logins and email addresses have been noticed in data leaks.
Now the site’s database contains information about more than 8.5 billion accounts from 406 hacked services. In fact, Google decided to make its own service, following the example of Have I Been Pwned.