A new extension on Chrome triggers an alert when a password is breached. But the application uses personal information. Is the new Chrome extension to protect passwords really secure?
Google wants to prevent outdated passwords from causing harm to their users. The newest feature: the Password Checkup extension. Once installed, it will automatically notify the user if they enter a user name and password that the browser “recognizes” as compromised. It will then propose the user to change the code.
In its press release of February 5, 2019, Google promises that its extension “will only issue an alert if all the information necessary to access your account has got into the wrong hands. We will not bother you with outdated or weak passwords.”
Password Checkup can track down compromised passwords using a database. Now, this database extensions would have “four billion identifiers that Google is certain are not secure”. Once the surprising astronomical figure is over, we are now able to see that the Californian company has collected all this compromised data in its database extension so that it can work.
What is the issue?
Knowing that Google uses four billion unsecured identifiers, even with the idea of protecting linked accounts, can be daunting. The company claims that the extension “never reveals personal information”. And that “many programs are used to guarantee anonymity”. These assurances may seem limited. When you consider the number of security breaches that have affected large companies in recent years.
The extension needs to let you permanently know if your current passwords have been compromised. This means that it retains the new identifiers each time. By keeping so much personal data on a single database can be hazardous. Even if Password Checkup is convenient, this fact should not be forgotten when using it.