Recently, web giant Google set up a new extension to detect login credentials (i.e. password and username) that are not secure.
This new extension is called "Password checkup" and is activated every time the user is online.
This article will also interest you: Google and the secret question of passwords
This new program has the functionality of verifying whether our login credentials, following various combinations, have not been disclosed on the Internet, especially during a breach of personal data or leaks of information from an unsecured server. The new Google extension will recover the identifiers that the user will insert into the login forms.
Then it will compare it with the identification database that Google has (which contains about 4 billion identification data). If the identifiers are in Google's unsecured information database, a window will appear to alert the user and ask them to make some changes to their credentials.
According to Google this program was designed to avoid any intrusion into the privacy and sphere of the user. some so, even Google, and other hackers will have a hard time collecting certain information relating to the online identification of the many Users.
Some experts outside Google have made it possible to Password checkup design. Indeed cryptography experts from Stanford University helped the Google team. "Password Checkup was designed in conjunction with cryptography experts from Stanford University to ensure that Google never knows your name username or your password, and that any breach data remains sheltered from greater exposure. said the firm's officials American. "We want to help you stay safe not only on Google, but also on the Web (…) As this is a first version, we will continue to refine it over the next few months, including improving site compatibility and username field detection passwords. »
However, there have been similarities between this service and that of Firefox monitor, which Mozilla has been proposing since 2018. But basically we realize that the two programs are very different. Indeed, the Firefox program only reports via an alert, the user when he accesses a website that has been corrupted by a computer attack, where was the victim of a security flaw simply the last 12 months before.
On the Google side, the features act proactively, which allows you to check passwords and usernames entered in real time on online forms. While the Firefox monitor works in connection with HaveIbeenPwned, Google's notWordcheck-up works with us giant internal data or other leaked information, different from those of HaveIbeenPwned. According to the U.S. firm, the expansion not only verifies the password apart and the username apart, it checks both at the same time.
Now access an unlimited number of passwords: