Cybersecurity Blog

Chrome can now tell you if your password is part of a data breach – 02/07/19

Google used to have an extension for Chrome that lets you know if a password you are using is part of a known data breach. If you are one of my on- the-ball readers, your reaction should be somewhere between “Hold the phone” and “No flipping way”. After all, how the heck can they check if your password is part of a breach if it doesn’t actually read your password?

Well some clever people at Google had come up with a lovely little process that kept everything nice and secure.  So how did it work? Basically when you logged in to a site they took your username, encrypted and hashed it and then send it to Google. Their databases of unsafe passwords were searched. When they found possible matches, they downloaded that encrypted information to your computer. The extension then decryptes the account details and checked for a match. As the final matching was done on your machine, Google didn’t know your account details. All of that was kept from their preying eyes.

While the extension was lovely, Google has decommissioned it and instead added that functionality to their password management system. Now you get the benefit of the password checking without having to download an extension.

Updated 03/01/22

Leave a Reply

Your email address will not be published. Required fields are marked *