Receive a warning when using pwned passwords!

A new extension has just been made available for Google Chrome named Password Checkup. With this extension installed and active, you will be warned if you try to log in to your Google account using an email address and a password that might be known to the public as a result of the large databreaches seen from time to time.

Make sure to use only safe passwords with your accounts.
Make sure to use only safe passwords with your accounts.

The application is produced by Google, and it will automatically check the passwords in use to see if they are on the list of for example, Have I been Pwned. Just a few weeks ago we got news of the biggest data breach ever in history, leaking even more email addresses and passwords than ever before. Those data can already be found in the register mentioned, and if you try to use a combination that is registered as “leaked” you will be warned by this extension that is now available for Google Chrome.

How does the application work?

According to the official description, this is what the application will do for you.

Password Checkup helps you resecure accounts that were affected by data breaches. Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well.

I have tried the application myself, but I cannot get the application to warn me, as all my passwords are changed and none of them seem to be powned… but this sounds like a good way of helping people to secure their passwords.

A warning from the Password Checker in Google Chrome - not my own screenshot...
A warning from the Password Checker in Google Chrome – not my own screenshot…

But, a question I ask myself, is whether those people who still use such powned passwords ever will install this application? I believe the security freaks who will install such an application are those who have already changed all passwords, making them well protected against such hacks. Those who do not care or do not know about it, are those who will never install this Chrome extension either.

What do you think?

You might know that a VPN will help you stay safe online, but if you use weak passwords and identical passwords on all websites you visit, you should not be surprised if someone will ever be able to take advantage of that. But, a VPN will still help you keep your private passwords to yourself, at least as long as you visit normal and secured websites. If you use a VPN, your passwords that are transmitted and shared on open and unprotected websites can still be hacked and copied. That is not because of the VPN, but because you do not take care and share your data on websites where you shouldn’t do so. But, if you use a public WiFi, the VPN will help your data stay safe and protected from your computer all the way till the end, as long as the websites you actually visit aren’t hacked and spoofing you, or being fake websites out there to steal your confidential data.

What does this look like in practice?

Let us say that you want to visit the cryptocurrency exchange Binance. But, instead of visiting Binance.com, you end up visit a site named binnanncce.com (this isn’t a real address, just an example). The owners of the latter site are hackers and they have created an identical copy of the Binance site, so that visitors going that way will believe that they are at the actual Binance website. You haven’t noticed the URL mistake, and thus you try to log in using your email address and your password. From that moment on, your email address and password combination has been registered by the hackers, and if you use the same password to check your email, the hackers can both access your Binance account and your email address. Hopefully, you have activated 2FA, meaning that they will not be able to send funds from your Binance account, but still – this is a dangerous step. A VPN cannot protect you against stupidity and errors such as this one, but it will still help you keep safe by not unveiling your data as you visit the real Binance website using an open and unprotected WiFi network somewhere.

What can you do about all those strange passwords?

But, it is a mess if you are going to use different passwords everywhere, and that is why most people should use a Password tool of some sort that will keep all their passwords in order and that will remember all those crazy long passwords with all sorts of signs instead of you.

Leave a Reply