Verification in two steps, use strong passwords, do not repeat the same password in different services … We know the theory well but we ignore a fundamental fact that jeopardizes the integrity of our data: knowing if the password we used has been previously hacked and circulate through the forums of the deep web. In this sense, Google has wanted to provide an additional layer of security by means of an extension for its Chrome browser that will check in real time if the credentials introduced have been compromised in any attack of the hackers.
This extension has been baptized as Password Checkup and once installed in Chrome, it remains vigilant in the background, before the information entered. Basically, what Google does is collate our credentials with those that are known to have already been violated in one of the multiple attacks by the hackers. If the crossing of information is positive, that is, that our access data has been compromised in another attack, the system alerts us of this circumstance and urges to change the password immediately.
To safeguard the user's information, this analysis is carried out locally, on the computer on which the user is installed. plugin, and with the data at all times encrypted. Google has in its database -permanently updated- with more than 4,000 million records considered vulnerable and that are susceptible to a new attack. In addition to this measure, the giant of Mountain View remembers that once he knows that a credential hacked in another service is used in some of its systems, it changes its password automatically informing the user of it. This simple action, in itself, greatly reduces the possibility of the attack, but now wants to extend this option to the rest of the websites outside its servers.
The Chrome extension is not new in its functionality: services like 1Password already incorporate a inspector that alerts of the vulnerability of a password and that has been compromised; However, having this information in such an automated and immediate way when being in the browser itself, increases its effectiveness enormously. At the moment, this additional security layer is available to users of Chrome Y Firefox, that simply they will have to install the extensions in the respective navigators and forget about the subject, except that an alert, of course, jumps. We must keep our backs until the expected End of passwords.