In this age of corporate hacks and massive password leaks, having a fresh, unleaked password is just as important as having one that’s hard to crack. To that end, Google just announced and launched a new Chrome extension that helps make sure your passwords haven’t been compromised and are still keeping your accounts safe.
The extension, called Password Checkup, takes your username and password as you use it and checks it against a registry of leaked credentials.
On its corporate blog, Google said the bank of compromised passwords it uses to check your account includes four billion unsafe name-and-password combinations, which is, you know, a lot.
Google claims that Password Checkup does not allow anyone to read or store your security information. Both the registry and your current security information are encrypted and hashed multiple times, and cross-referenced using a technique called blinding, which allows the extension to match your information with entries on the list without reading or storing either one.
The status of your password is only accessible using a key stored locally on the device using the extension so, in theory, you are the only person who can know what the extension turns up.
Password Checkup does collect some general data, including how many times a password in Google’s database gets checked and whether or not a password gets changed after its shown to be insecure. Google has a detailed explanation of the process on its security blog, in case you’d like to learn more.
Google is not the first company to offer up a service that checks your account information against past leaks. 1Password, one of our favourite password managers, offers a feature called Watchtower Integration, which checks your stored passwords against Have I Been Pwned, a huge, publicly searchable database of leaked passwords.
There’s one crucial difference between Password Checkup and Watchtower Integration—Google’s option is free. You can always check your accounts manually against Have I Been Pwned, but the fact that Password Checkup does it repeatedly and automatically increases the likelihood that you will catch a bad password in time to protect yourself.