Given the frequency of hacks and data leaks these days, chances are good that at least one of your passwords has been released to the wild. A new Chrome extension released by Google today makes it a little easier to stay on top of that: Once installed, Password Checkup will simply sit in your Chrome browser and alert you if you enter a username / password combination that Google "knows to be unsafe." The company says it has a database of 4 billion credentials that have been compromised in various data breaches that it can check against.
When the extension detects an insecure password, it'll prompt you with a big red dialog box to immediately update your info. It's handy, but users might wonder exactly what Google can see -- to that end, Google says that the extension "never reveal[s] this personal information." Additionally, any data reported back to Google about the extension's use is anonymous. Google's blog post has more details about the security the company put into place:
At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.
Google also says the extension was designed to be actionable and not too much of a pest to users. It won't nag you if you're using weak passwords (think "123456" and other such gems) or tell you about other info that may have been compromised along with your username and password, like an address or phone number. It's strictly focused on making passwords more secure. If you're one of the many people using Chrome as your main browser, it certainly seems like it's worth installing (if not, Firefox Monitor and 1Password offer similar options). Sure, you could just go to HaveIBeenPwned.com to check on your accounts, but having an extension automatically do that every time you log in could make staying on top of your passwords a little easier.