As data breaches become normalized, it’s more and more likely that your personal information may be exposed. But how will you know? On Tuesday, Google published a Chrome plugin that will report if the login info you use in say, Yahoo, has been stolen.
Google’s Password Checkup plugin won’t do anything until it detects that you’ve logged into a site whose data has been previously compromised. If a login and password have been found in the recent “Collections” leak of more than 2 billion usernames and passwords, a message will pop up warning that your information has been compromised. All told, Google has archived over 4 billion credentials that it feels have been compromised.
Put another way, you can always manually check to see if your username and password has been leaked to the Web, using the Hasso Plattner Institute’s Identity Leak Checker, HaveIBeenPwned, or some other trusted database. Google is promising is to perform this process automatically via Chrome, each time you visit a site.
If Chrome detects a credential has been stolen and published to the web, the Password Checkup popup will then ask you to change your password. (It’s not necessary, but it’s strongly advised.) Chrome already offers an automatic password generator, and will store that new password in a password credential file automatically, if you choose, and use it to log into a site automatically in future visits.
Cross Account Protection works with partner sites
Google also marked Safer Internet Day today by rolling out a related technology, known as Cross Account Protection, to provide another line of defense to those third-party apps that use your Google account to log in. This isn’t something that you can do anything about; Google said it’s working with the Internet Engineering Task Force (IETF) and OpenID Foundation, as well as major technology companies like Adobe, to secure accounts using Cross Account Protection behind the scenes.
If Google knows of a hack where your Google account was compromised, it will quietly send information to those sites, letting them know that your account should be deemed suspicious for the time being. It’s apparently up to those sites to determine whether they wish to continue allowing access for your compromised account while the situation’s sorted out. Google said that it will share a minimum of information with those sites to protect your privacy.
What this means to you: At one point, Microsoft, Google, Mozilla and others wanted you to become accustomed to using their own particular browser. Now, the incentive is for you to feel like you need to use a browser like Chrome. With additional features like a password locker, password generator, and now breach detector, Google’s quietly building in value to convince you to stick with its browser rather than try alternatives.