On the occasion of Safer Internet Day, Google has launched an initiative to warn users if any of their login credentials have been compromised on the Internet. It does this with an extension made exclusively for Google Chrome called Password Checkup, which this article looks at in more detail.
Google Password Checkup Chrome extension
“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University.”
Once you have downloaded and installed it, its icon appears as a green shield in the top right corner of the screen.
Whenever you use your credentials to log in to a particular website or service, the extension compares them with the database of breached services and compromised credentials that Google maintains.
When you log in to a website or web service in a browser with the extension installed, it converts the username and password into an Argon2 hash. A 2-byte prefix of the Argon2 hash is used to partition the database. The rest of the Argon2 hash is encrypted using elliptic-curve encryption.
Now, when you log in to a website using the stored credentials, a strongly hashed and encrypted copy of those credentials is sent to Google's servers. This ensures that your credentials cannot be read by Google.
Using blinding and private information retrieval techniques, these credentials are matched against the database without revealing them to anyone.
The final check is done locally on the computer. If the credentials appear to be exposed, the extension icon turns red, alerting you to change your password.
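The flow described above (slow hash, 2-byte prefix, blinding, local final check), sketched as an added example that is not Google's code. As assumptions to stay within the Python standard library, scrypt stands in for Argon2 and modular exponentiation modulo a prime stands in for the elliptic-curve operation; the names, salt and sample credentials are constructed.

```python
import hashlib, math, secrets

P = 2**255 - 19   # prime modulus of the toy group (stand-in for an elliptic curve)

def slow_hash(user: str, password: str) -> bytes:
    # scrypt stands in for Argon2; the salt is a constructed constant
    data = f"{user}\0{password}".encode()
    return hashlib.scrypt(data, salt=b"demo-salt", n=2**12, r=8, p=1, dklen=32)

def to_group(h: bytes) -> int:
    # Map the hash tail (everything after the 2-byte prefix) to a nonzero square mod P
    v = int.from_bytes(hashlib.sha256(h[2:]).digest(), "big") % (P - 1) + 1
    return pow(v, 2, P)

def new_key() -> int:
    # Secret exponent invertible mod P-1, so the blinding can be undone later
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

class Server:
    def __init__(self, breached):
        self.key = new_key()
        self.buckets = {}   # 2-byte prefix -> set of server-blinded entries
        for user, pw in breached:
            h = slow_hash(user, pw)
            self.buckets.setdefault(h[:2], set()).add(pow(to_group(h), self.key, P))

    def lookup(self, prefix: bytes, blinded: int):
        # The server sees only a 2-byte prefix and a blinded value,
        # and returns the whole partition without learning which entry matters
        return pow(blinded, self.key, P), self.buckets.get(prefix, set())

def is_breached(server: Server, user: str, password: str) -> bool:
    h = slow_hash(user, password)
    a = new_key()   # fresh client blinding key for every query
    double_blinded, bucket = server.lookup(h[:2], pow(to_group(h), a, P))
    # Strip the client's blinding; the result is blinded by the server key only
    unblinded = pow(double_blinded, pow(a, -1, P - 1), P)
    return unblinded in bucket   # the final comparison happens locally

# Constructed sample breach data
SERVER = Server([("alice@example.com", "hunter2"), ("bob@example.com", "123456")])
```

The server never receives the credential or its full hash, and the client never receives the server's key, so neither side can read the other's data outside the single yes/no match.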
Cross Account Protection
Google has also announced Cross Account Protection, a new feature that shares information about security events, such as account hijacking, with websites and apps that have implemented it, to keep your account safe.
Google lists the following points regarding Cross Account Protection:
- We only share the fact that the security event happened.
- We only share basic information about the event, like whether your account was hijacked, or if we forced you to log back in because of suspicious activity.
- We only share information with apps where you have logged in with Google.
Let us know what you think of these tools.