If your username and password were part of a hack, Password Checkup will let you know.
Given the frequency of hacks and data leaks these days, chances are good that at least one of your passwords has been released to the wild. A new Chrome extension released by Google today makes it a little easier to stay on top of that: Once installed, Password Checkup will simply sit in your Chrome browser and alert you if you enter a username / password combination that Google “knows to be unsafe.” The company says it has a database of 4 billion credentials that have been compromised in various data breaches that it can check against.
At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.
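The k-anonymity and blinding steps named above can be sketched as follows. This is an added example, not Google's code or part of the original article: the toy modular group, the single SHA-256 round, the 2-byte prefix and every name in it are assumptions for illustration, and it does not model the private information retrieval step.

```python
import hashlib, math, secrets

P = 2**521 - 1        # Mersenne prime: toy group for illustration, not a production parameter
PREFIX_BYTES = 2      # k-anonymity: the server only sees this much of the credential hash

def cred_hash(user, password):
    # One hash round for brevity; a real deployment would use a slow, memory-hard hash.
    return hashlib.sha256(f"{user}\x00{password}".encode()).digest()

def to_group(h):
    # Map the credential hash to a group element in [2, P-1].
    return int.from_bytes(hashlib.sha512(h).digest(), "big") % (P - 2) + 2

def rand_exp():
    # Random exponent that is invertible modulo the group order P-1.
    while True:
        e = secrets.randbelow(P - 3) + 2
        if math.gcd(e, P - 1) == 1:
            return e

class Server:
    def __init__(self, breached):
        self.b = rand_exp()                       # server secret, never sent
        self.buckets = {}
        for user, pw in breached:
            h = cred_hash(user, pw)
            entry = pow(to_group(h), self.b, P)   # stored only in blinded form H^b
            self.buckets.setdefault(h[:PREFIX_BYTES], set()).add(entry)

    def query(self, prefix, blinded):
        # Server sees a short prefix and H^a; it returns H^(ab) and the prefix bucket.
        return pow(blinded, self.b, P), self.buckets.get(prefix, set())

def is_breached(server, user, password):
    h = cred_hash(user, password)
    a = rand_exp()                                # fresh client blinding key per lookup
    double, bucket = server.query(h[:PREFIX_BYTES], pow(to_group(h), a, P))
    unblinded = pow(double, pow(a, -1, P - 1), P) # strip a: H^(ab) -> H^b
    return unblinded in bucket                    # match is decided on the client

# Constructed sample data, not real breach records.
SAMPLE_BREACH = [("alice@example.com", "hunter2"), ("bob@example.com", "letmein")]

if __name__ == "__main__":
    srv = Server(SAMPLE_BREACH)
    print(is_breached(srv, "alice@example.com", "hunter2"))
    print(is_breached(srv, "alice@example.com", "a-different-password"))
```

The server never receives the credential hash itself, and the client cannot test guesses offline against the returned bucket because every entry is raised to the server's secret exponent.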
Google also says the extension was designed to be actionable and not too much of a pest to users. It won’t nag you if you’re using weak passwords (think “123456” and other such gems) or tell you about other info that may have been compromised along with your username and password, like an address or phone number. It’s strictly focused on making passwords more secure. If you’re one of the many people using Chrome as your main browser, it certainly seems like it’s worth installing (if not, Firefox Monitor and 1Password offer similar options). Sure, you could just go to HaveIBeenPwned.com to check on your accounts, but having an extension automatically do that every time you log in could make staying on top of your passwords a little easier.