Google’s new Chrome extension warns if your login is compromised

The company is also extending new security features to websites that allow Google sign-ins

Google wants to help keep users’ accounts secure online, and it’s providing two new tools to do so.

The search giant said in a February 5th blog post it has launched a new Chrome extension, called Password Checkup, to help protect your accounts from data breaches, by warning you if your login credentials have been compromised.

Google also launched a new ‘Cross Account Protection’ tool for websites that require you to log in with Google.

The company says it knows of over 4 billion credentials that are compromised, and the extension will inform you if your credentials match any of the compromised logins.

The Mountain View-based company says it designed Password Checkup to be actionable. When a user receives an alert about compromised credentials, it doesn’t just tell you; it prompts you to change your password.

Google says this is generally the best way to secure an unsafe account, and while other data, such as addresses and phone numbers, could be compromised in a breach, it focuses on warning about unsafe usernames and passwords.

Further, the company says it wants to avoid ‘alert fatigue’ by only warning users if all information necessary to access an account has fallen into the hands of an attacker. For example, it’ll warn you if both your current username and password appear in a breach, which poses the most significant security risk.

Google Password Checkup

For those concerned about privacy, Google says not to worry. Privacy was at the heart of designing Password Checkup. The search giant says it created the extension so it couldn’t see the information, but also made sure attackers couldn’t abuse it to reveal unsafe usernames and passwords.

To learn more about the privacy aspect, you can read up on the inner workings on Password Checkup in this Google Blog.

Along with Password Checkup, Google’s new Cross Account Protection feature allows Google to send information about security events to sites that implement the service.

Google Cross Account Protection

Google says it only shares if the event happened and necessary information like whether someone hijacked your account or if you are required to log in again because of suspicious activity. Further, this information is only shared with apps where you’re logged in with Google.

In both cases, the services are relatively new, and Google will work to improve and refine them over time. Cross Account Protection will start working with apps and sites that support it. As for the Password Checkup extension, it’s available to download from the Chrome Web Store for free.

Source: Google