Earlier this year in February, Google launched an extension for Chrome browser called Password Checkup. It is aimed to help users by analyzing usernames and passwords for various services used on a daily basis. The Google Password Checkup tool also verifies passwords for logins and prompt warnings, and flags the same if there are any third-party data breaches. Also Read - Google enables password-less login if you have an Android smartphone
Google Password Checkup tool findings
A recent report by Google Security Blog has revealed that 650,000 users participated in an early experiment. In the first month, the search giant scanned about 21 million usernames and passwords, and flagged at least 316,000 as unsafe. This means at least 1.5 percent of user passwords are compromised. Also Read - Google Chrome is testing global video play or pause button to stop auto-playing videos
This included sign-ins for “some of [users’] most sensitive financial, government, and email accounts” and covered “shopping sites (where users may save credit card details), news, and entertainment sites,” Google wrote in the blog. Also Read - Here's how you can shop online easily using Google Chrome browser
Using the same password everywhere
One of the problems here is where people are 2.5 times more likely to reuse the same passwords outside most popular sites. For users, it is easier to remember passwords. However, it becomes even easier for hackers to access accounts using a special technique called credential stuffing.
Even after Google Password Checkup tool warned users about their passwords been compromised, only 26 percent of users went ahead to reset passwords. Still, 60 percent of these passwords entered by users were relatively secure. Even for an ethical hacker, it would require millions of attempts to guess randomly. Earlier, only about 20 percent of new passwords achieved this level of security.
Google has also announced new features for the extension. “It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential. By design, the Password Checkup extension ensures that Google never learns your username or password. But we still want to provide this option if users would prefer not to share this information,” Google said.