Skip to content

new password check tells you if your credentials are secure

26 mayo, 2021

At the beginning of the year Google launched an extension for Chrome called Google Password Chekup, its function is to carry out proactive and silent checks to alert us when our credentials are insecure, that is, Google verifies if your username or password has ever been exposed in a security breach and tells you if you should change them.

Now Google has decided to expand this tool and they are going to integrate it with their own password manager, that is, you can simply go to your page for managing the passwords that you have stored in Google so that one click inform you if your passwords have been exposed.

In Genbeta we spoke with Elie Bursztein, leader of Google’s fraud and abuse research and development team about this tool, how it works, its purpose and the benefits of using a password manager.

My email and password have been leaked in the biggest security breach in history, how can I protect myself?


It’s not the same as ‘Have I Been Pwned’

Google Passwor Checkup

At Genbeta we have talked a lot about Have I Been Pwned, a website that for several years has verified our credentials with a huge database of security breaches and tells us if our email or password has been compromised.

In fact, browsers like Firefox integrate it through Firefox Monitor to tell you if your data has been leaked or if a website you visit has suffered a data breach.

Google Password Chekup sounds similar, but as Elie explains, it works differently: “We review login and password in a way that preserves privacy, which means that we will never know anything about your username or password, for this we work with a university to build a privacy protection protocol “.

“We will never know anything about your username or password”

Google Password Chekup Results Do your check immediately, the results may be worse than you expect

In addition to this, Bursztein explains that with the Google tool there is never a false positive, they are always 100% sure if your data has been compromised.

Bursztein believes that this offers value to the user because they do not tell you which of your accounts “could be compromised” but which ones are with certainty, that is, “hackers have them”.

Why ji32k7au4a83 is an incredibly weak password

The reason behind this project is that about four five years ago the company began to actively investigate the credentials of Google users who had leaked into data breaches and they found more than 100 million accounts.

This tool is for those who do not know or have the time to search for their data in those leaked databases to check if their credentials have been exposed.

Don’t use the same password everywhere

Google Password Check

When asked about other methods that could replace passwords in the future, Elie told us that she doesn’t think it’s about changing from having passwords to having no passwords, believes that the most important thing is to start by using a password manager so as not to use the same password everywhere.

Only 20% of users use a password manager, so 8 out of 10 people generate passwords themselves and end up using the same one everywhere, when one is compromised they all compromise. The first step is to get people to start using a manager, and if we can then get them to use two-factor authentication even when a password is leaked, that other factor will be needed to be able to compromise their data.

For / against using a password manager: these are the arguments

For and against the use of password managers there are many arguments, but one that tends to stop some users is the fact that they depend on a master password, and if that is compromised then everything is compromised.

Password Manager

Elie understands that concern and is clear that it is a problem, she thinks that it is an exchange that people have to decide to do and that it compensates, no method is perfect, and the most ideal is to protect that master password very well by making it safe and using a service with good reputation:

“It’s not perfect, but it’s a good step. In the case of Google’s password manager, your passwords are protected by your Google account.”

Later this year Google Password Chekup will become part of Chrome also, so that they will offer real-time protection without the need for extensions.

For now, you can access and to check your stored passwords and verify if they have been compromised in data breaches, if they are being used in different sites or even if they are very weak.