Google launches Password Checkup feature to flag hacked passwords

3 Oct 2019

An employee cycling on a Google campus. Image: Google

Google research discovered more than 4bn usernames and passwords that have been exposed due to third-party breaches.

On Wednesday (2 October), Google made a couple of announcements about new privacy and security features, including the introduction of incognito mode to Google Maps, auto-delete for YouTube history, and improved privacy settings with Google Assistant.

Among these announcements, the company also introduced some new features to improve password security. In a blogpost, the company said: “Protecting your privacy online requires strong security, and that’s why we protect your data with one of the world’s most advanced security infrastructures.”

Google debuted its Password Checkup extension for Chrome earlier this year, which displays a warning whenever users sign into a Google account with one of the 4bn usernames and passwords known to be unsafe as a result of third-party breaches.

‘The weakest link’

Google said that it is now stepping up its password manager service. The new Password Checkup feature is built from the Chrome extension, which has been downloaded more than 1m times since it was launched earlier in the year. Nearly half of the users who have downloaded the extension have received warnings for compromised passwords.

However, the new Password Checkup will be built directly into the Chrome browser by default – users will receive the feature without needing to install a separate extension

With one click, it will inform a user if their password is weak, has been reused across multiple sites, or if Google has discovered that the password has been compromised in a third-party breach, or otherwise.

The company said: “We want to help protect you across the internet, and a big part of that is helping you remember passwords for your other online accounts. With so many accounts, bad habits like using the same password across multiple services are common, and make all of your accounts as vulnerable as the weakest link.”

“We’ve found more than 4bn usernames and passwords that have been exposed due to third-party breaches. If any of these are yours, attackers could have these passwords and access your information.”

Kelly Earley was a journalist with Silicon Republic