Called the Google Password Checkup, the plugin will function across any login environment. This means if you login to say, Facebook, and a breach has happened, you will be notified. That means this Chrome plugin is likely to sit unused and forgotten by a lot of users. However, when or if a breach does occur, you can be on top of it faster. This is important because in many cases users don’t even know when their services have been breached. Only when you log in to a site that has had a data breach will Password Checkup spring into action. The plugin searches login and password information from the recent Collections leak and informs the user if information has been compromised. The Collections leak is a megaleak of over 2.2 billion usernames and passwords. Google says it has archived 4 billion credentials and the plugin will notify users if a service, login, or password has been breached: “We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University.” When a leaked credential is found, Password Checkup initiates a popup in Chrome. This notification urges users to change their password.
Cross Account Protection
During Safer Internet Day yesterday, Google also launched Cross Account Protection. This new solution adds another layer of security around third-party apps or websites that use Google accounts as a login method. Google partnered with the Internet Engineering Task Force (IETF) and OpenID Foundation, Cross Account Protection offers behind the scenes defense: “When apps and sites have implemented it, we’re able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too. We’ve designed the security events to be extremely limited to protect your privacy:
We only share the fact that the security event happened. Only share basic information about the event, like whether your account was hijacked, or if we forced you to log back in because of suspicious activity. We only share information with apps where you have logged in with Google.”