Released 'Password Checkup' which checks every time that Google's password on the Internet is not dangerous due to data breach


In order to prevent illegal use of the account used on the Internet by Google, we have released an extended function " Password Checkup " that automatically checks whether the password entered is not affected by third party leakage of data.

Google Online Security Blog: Protect your accounts from data breaches with Password Checkup
https://security.googleblog.com/2019/02/protect-your-accounts-from-data.html

We periodically reset passwords for Google accounts that were affected by third-party data breach. This strategy states that "Over the past two years, we have successfully protected more than 110 million Google users from the evil hand of data breach," Google wrote. If this kind of safety measures were not done, Google users are likely to be 10 times more likely to get hijacked accounts.

So far, Google has detected the possibility of data breach as soon as possible "Google Account only" and urged resetting of the password, but it is possible to confirm whether the password of every service on the Internet is safe newly We are releasing an enhanced "Password Checkup" extension for Google Chrome. This extension checks the password when a user signs in to some service on the Internet and warns the user when more than 4 billion authentication information that Google recognizes as dangerous is used Thing.

Password Checkup - Chrome Web Store



It's easy to use, go to the above page in Google Chrome and click "Add to Chrome"


Click "Add Extension"


Then you will be able to check if your password was automatically leaked on Chrome.


Afterwards it would be OK if you use various internet services as usual. No notice will be given, especially if the password used at login is OK.


By clicking on the Password Checkup icon, you can check that your password recently used does not contain any data compromised.


If you enter a password that may cause data breach, Password Checkup will show the following notification.



Password Checkup is an extension developed jointly by experts of cryptography at Stanford University and Google. It is designed to prevent Google from gathering user authentication information even when using extended functions. In addition, the technical details of the privacy protection protocol used in Password Checkup is also shared, and transparency about "How to ensure data security" is kept.

There are three design principles of Password Checkup as follows.

1: Alerts are practical and do not provide information <br> Alert provides concise and accurate security advice, prompts unsafe accounts to reset their passwords. There is a possibility that other personal information such as telephone number and address may leak due to data breach, but there is no direct step to protect that data again. That's why we focus only on warning about unsafe usernames and passwords.

2: Privacy is at the center of design <br> Username and password are very sensitive information. In order not to disclose personal information to Google, we design Password Checkup using privacy protection technology. I designed Password Checkup so that attackers can avoid exploiting Password Checkup to obtain information on insecure user names and passwords. Finally, all the statistics gathered by the extension are anonymous. The statistical information seems to contain information such as the number of times to display unsafe authentication information, the number of times alerts change password, and the web domain necessary to improve site compatibility.

3: Advice to avoid fatigue
Password Checkup is designed to warn you only when all the information necessary to access your account has been handed over to the attacker. You do not need to worry about expired passwords that have already been reset or security vulnerable passwords like "123456". At the time of article creation, Password Checkup will alert you only if both the user name and password have been compromised.

In addition, Password Checkup needs to contact Google about whether the user name and password were compromised. Therefore, it is necessary to ensure that information on other dangerous user names and passwords is not leaked in the process. In order to realize these, Password Checkup uses multiple hashing , k-anonymity and so on.

in Review,   Software,   Web Service,   Security, Posted by logu_ii