Google, which already has a password manager that syncs across Chrome and Android, has now added a feature called the password checkup. This feature analyses a user’s logins to ensure that they have not been part of a security breach.
Password checkup is not new per say as it was already available as an extension, but now Google is building it right into Google account controls, which will be prominently featured at passwords.google.com, the URL shortcut to its password manager.
The user’s login credentials are compared against the millions upon millions of known compromised accounts that have been part of major breaches. The tech giant claims that it also keeps a check on the dark web to some extent for collecting passwords.
If the user’s password has been included in a breach, Google will ask him/her to change the password. The same is applicable if Google figures out that a password is being reused.
Google will also notify the user of accounts using weak passwords that are on the easy-to-guess end of the spectrum.
In a statement, Google said, “Since Password Checkup relies on sending your confidential information to Google, the company is keen to emphasize that this is encrypted, and that it has no way of seeing your data. Passwords in the database are stored in a hashed and encrypted form, and any warning that’s generated about your details is entirely local to your machine.”
Apart from this there is another way of checking if your password has been compromised or not. In 2013, Australian web security expert came up with ‘Have I Been Pwned’ searchable data breach database. The database has details of more than 9 billion compromised accounts and is one of most popular way to find out if your password has been stolen or not.
To check if your password is safe or has been compromised, all you need to do is enter your email address or username. After this, details of any data breaches that your credentials were stolen in will appear. The passwords that correspond to the user’s email address are not stored in the database so that there is minimum risk of compromise.
