Google has launched a new Chrome extension that warns you if your login credentials for any website have been involved in a data dump from other services.
Password Checkup, as the extension is called, sits in your browser waiting for you to log into any website. If it detects that your username and password combination are unsafe, due to their appearance on some internet data dumping ground, it will tell you that you should change the password.
It’s worth noting that to secure its own services Google has already worked to thwart credential dumps. As part of that effort, the company may reset Google Account passwords if someone has reused a username or password on another site that has been subsequently hacked. But now it’s doing the same thing for third-party sites.
Warding off data-privacy questions this new tool could raise, Google is quick to point out that it developed Password Checkup in conjunction with “cryptography experts” from Stanford University. This step was taken to ensure that “Google never learns your username or password, and that any breach data stays safe from wider exposure,” according to a company blog post.
A number of services already exist to warn you if your login credentials have been leaked. Have I Been Pwned? (HIBP), for example, offers a database of breaches that allows you to check whether one of your online accounts has been compromised. Mozilla recently partnered with HIBP for Firefox Monitor, which serves as a rebranded version of the main HIBP database. And there are other similar extensions out there, such as PassProtect, which searches the HIBP database for previous breaches involving your credentials.
But Google is Google, and anything it develops is likely to gain far more exposure as a result.