Given that literal billions of usernames and passwords have been breached over recent years it’s likely that many of us have some user credentials out there that are in the hands of bad people. To help keep us safer, a number of services have emerged. Today, a new Chrome Extension has been released that checks if the if username and password combinations you tap into a login form have been previously compromised.
When you log into an online service the Password Checkup checks the username and password entered in the login form against a database of over four billion credentials that Google engineers have collected from public breaches in the past few years – basically their own version of the Australian made have I been pwned database.
If the check comes back saying your credentials have been leaked in a data breach or security incident, you’ll be warned and advised to change your password for that service.
Google “Password Checkup was designed jointly with cryptography experts at Stanford University to ensure that Google never learns your username or password, and that any breach data stays safe from wider exposure”.
Mozilla Monitor offers a similar service although it works differently, relying on have I been pwned to do the credential checking.