Large scale hacks of people’s passwords and credentials are becoming increasingly common – just a few weeks back, a database of more than 773 million email addresses and passwords was leaked online, and made available to potentially ill-intentioned groups. And every time this occurs, it puts your accounts at risk, which, given the rising influence of digital platforms on our day-to-day lives, also has ever more potential to cause major disruption.
And unfortunately, there’s no way of knowing which group’s databanks will be breached next.
The most important action you can take in most of these situations is to change your passwords – but many people don’t, overlooking this step in favor of simplicity. But what if there was a way that you could be alerted to the fact that your password was vulnerable, a safe way in which you could be notified that your credentials were included in one of the many leaks?
That’s what Google has sought to create with its new Password Checkup Chrome extension, which, when you use a password online, will scan through the hacked databases and alert you if your password is listed.
Of course, that means that Google has to also store your password, another potential vulnerability in itself, right?
Not so – according to Google, there’s a complex system in place here which will ensure that your password data is ‘impenetrable’.
“At a high level, Password Checkup needs to query Google about the breach status of a username and password without revealing the information queried. At the same time, we need to ensure that no information about other unsafe usernames or passwords leaks in the process, and that brute force guessing is not an option. Password Checkup addresses all of these requirements by using multiple rounds of hashing, k-anonymity, private information retrieval, and a technique called blinding.”
There’s a lot of technical terminology in the full rundown, but Google has also provided an infographic overview of the process.
Note that ‘strongly hashed and encrypted’ is repeated through the steps, underlining that additional measures.
Not everyone will feel reassured by this, but Google’s reputation will likely mean that most users will be okay with using the extension. And it could well be worth it – updating your password in time could make a huge difference to your online security, particularly if you’re among those who’ve kept the same passwords since they first logged-in online many years back.
Of course, there are other password options, like 1Password, and tools which offer additional online safety. But again, they require reliance on another database, which, potentially, could also be hacked. Google’s system doesn’t store your details, and only sends alerts, which may be more helpful for many.
Your view on digital safety more broadly will dictate how you approach this tool, but it’s an interesting addition, and a worthy consideration to help secure your increasingly valuable digital identity.