Checking for password leaks in Google Chrome with Password Checkup

Any user who reads technology news from time to time comes across the information that another batch of passwords for users of some service has been leaked. These passwords are collected in a database and can be used later to more quickly crack the passwords of users of other services (read more about How your password can be cracked).

If you wish, you can check if your password is stored in such databases using special services, the most popular of which is haveibeenpwned.com. However, not everyone trusts these services because, in theory, they can also be filtered. However, Google has recently introduced an official password check extension for Google Chrome that allows users to automatically perform a leak check and offer to change the password if it is compromised.

Use the Google Password Checkup extension

The Password Checkup extension itself and how to use it is not difficult even for a novice user:

1. Download and install the Chrome extension from the official store https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/
2. If you use an insecure password when logging in to any site, you will be prompted to change it.
3. In case everything is fine, you will see the corresponding notification by clicking on the green icon of the extension.

The password itself is not transmitted for verification, only its checksum is used (however, depending on the information available, the address of the site where it is entered may be transmitted to Google), and the last step of the verification it is done on your computer at all.

In addition, although Google has a large database of stolen passwords (more than 4.000 million), it does not fully match those found on other sites on the Internet.

Google promises to keep improving the extension in the future, but it could already be quite useful for many users who do not think about the fact that their username and password might not be so secure.

In the context of the topic at hand, you may be interested in:

And to end with something I've written more than once: don't use the same password on multiple sites (if the accounts on them are important to you), don't use short, simple passwords, and keep in mind that passwords as a set of numbers, 'first or last name with year of birth', 'some words and a couple of numbers', even when cleverly written in Russian in English arrangement and with a capital letter, is not at all something that can be considered reliable in current reality.