Generally speaking, people suck at keeping their passwords secure.
I know, I know. I’ve said this before many times.
But year in, year out, the same bad passwords crop up in leaked lists, because human beings are, for the most part, creatures of convenience.
If there’s an easier way to do something, most of the time we’ll do it. That leads to poor password routines, such as using the same password on multiple sites. That’s a big problem, because if your password on one service is compromised, it’s trivially easy for miscreants to code up a script that slams that password and your email against countless sites, just to see what happens. If you use the same password for a service that’s worth money, or as a gateway to your identity, you could quickly be in trouble.
Google recently announced a new official extension for its Chrome browser that should make it a little easier to detect if you’re using a password that may already be compromised. The Google Password Checkup Chrome extension checks passwords as you enter them against known breach databases, so it can alert you if you’re using a password that’s already been compromised. With that knowledge, you can then rapidly change that password for something else, and hopefully keep yourself more secure.
Installation is pretty easy — all you have to do is install it as an extension via the Chrome web store, either by searching for Password Checkup, or directly from this link.
Once installed, you’ll end up with a small green icon next to the URL bar. Click on it, and it will check if any of the passwords you’ve stored in Chrome are known to be compromised. Google says it’s using its own database, rather than the publicly available repositories such as those found at haveibeenpwned.com, so its results may be a little different.
For its part, Google says that the extension itself doesn’t store your passwords, or share them with Google in any way. However, the way that it works is via the passwords that you choose to save within Chrome itself, so it’s still doing a level of data analysis in order to work out if you’re at risk.
You’d have to take that as a matter of trust, although fairly obviously it’s in Google’s best interests to have consumers happy with using Chrome in a safe manner.
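As an added illustration (not Google's code, and not a description of how the extension works internally), here is one way a breach check can run without the password leaving your machine: the hash-prefix model used by the Pwned Passwords range service at haveibeenpwned.com. The `BreachService` class, the leaked list and the saved logins are all constructed for this example, and the audit also flags the password reuse described earlier.

```python
import hashlib
from collections import Counter, defaultdict

PREFIX_LEN = 5  # hex characters of the digest that leave the client

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

class BreachService:
    """Offline stand-in for a remote breach database (hypothetical class)."""
    def __init__(self, leaked_counts):
        self.buckets = defaultdict(dict)
        self.seen = []  # everything the "server" learns from clients
        for password, count in leaked_counts.items():
            digest = sha1_hex(password)
            self.buckets[digest[:PREFIX_LEN]][digest[PREFIX_LEN:]] = count

    def range_query(self, prefix):
        self.seen.append(prefix)
        return dict(self.buckets.get(prefix, {}))

def breach_count(password, service):
    """Times the password appears in the corpus; only a prefix is sent."""
    digest = sha1_hex(password)
    suffixes = service.range_query(digest[:PREFIX_LEN])
    return suffixes.get(digest[PREFIX_LEN:], 0)  # the match happens locally

def audit(saved_logins, service):
    """Flag saved logins whose password is breached or reused across sites."""
    uses = Counter(saved_logins.values())
    findings = {}
    for site, password in saved_logins.items():
        breached = breach_count(password, service)
        reused = uses[password] > 1
        if breached or reused:
            findings[site] = {"breached": breached, "reused": reused}
    return findings

# Constructed sample data, not taken from any real breach or account.
LEAKED = {"password": 1000, "123456": 2000, "qwerty": 500}
SAVED = {"bank.example": "qwerty", "mail.example": "qwerty",
         "forum.example": "h7#Lq9!vTz2m", "shop.example": "password"}

if __name__ == "__main__":
    svc = BreachService(LEAKED)
    for site, result in audit(SAVED, svc).items():
        print(site, result)
    print("server saw only:", svc.seen)
```

The service only ever sees five-character hash prefixes, each shared by many unrelated passwords, so it cannot tell which password was checked.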
As a free extension, it’s a case, I think, of some security being better than none. That’s not quite the same thing as saying that all you need to do is install the Password Checkup extension and then treat your Internet security as a “fixed” matter. As always, where there’s money involved, whether it’s directly siphoning your bank accounts or compromising your credit via identity theft, there will always be a new approach and something to be wary of.
A password checking extension is a good start, but you should also consider ensuring that your general password hygiene is as sparkly clean as it can be.
I’d still advocate strongly for the use of a password management application such as LastPass, Dashlane, KeePass or 1Password, simply because those provide a much more robust toolset for managing, changing and monitoring your entire password set.
They’ll even help you create truly random passwords if you do fear that an existing password may have been compromised. Some are paid, and some offer their services for free, so there’s really not much of a reason not to make yourself as secure as possible while you’re working (or playing) online.