Skip to main content

At least 1.5% of online passwords are compromised, Google has found

(Image credit: Google)

Early this year, Google introduced the Password Checkup extension to its Chrome web browser, enabling users to automatically detect if the login details used online have been compromised.

New research from the tech giant has found that, in just the first month of the extension operating, 1.5% of the users (316,000) that installed and used the extension were using logins known to be unsafe – but Google is looking to change that.

When you take into consideration the billions of users that didn’t install the extension, and the likelihood that their login details are compromised as those that did, this is a rather alarming figure.

Regular checkups

The Password Checkup extension works by notifying users if they try signing into any website “using one of over 4 billion usernames and passwords that Google knows to be unsafe due to a third-party data breach”.

Both the checking of user login details, and the cross-referencing with the database of compromised details utilizes encryption to ensure that no information is stored locally or remotely with Google.

Currently, users wishing to use this feature will need to install the extension themselves and opt-in, and the functionality is limited to platforms that support extensions at all (Chrome for Android doesn’t, for instance).

However, as discovered by 9to5Google, the Chromium Bug Tracker is showing evidence that Google will integrate this feature into Chrome directly (specifically, in October’s release of Chrome 78), allowing it to become available by default to many more users.

Chrome, though, isn't the first browser to boast a tool like this. A similar feature (Monitor) already exists in Mozilla’s Firefox web browser, in partnership with the website and database HaveIBeenPwned, and it was recently discovered that improved integration with Monitor and the browser’s password manager will roll out in a future release.