Content, Security Program Controls/Technologies

Google Chrome Password Checkup Extension: What MSSPs Need to Know


Google has launched Password Checkup, a Google Chrome extension that notifies end users if their username and password were previously exposed in a data breach.

Password Checkup automatically warns a Chrome user if it finds that his or her credentials were previously compromised during a data breach, according to Google. It then prompts a Chrome user to reset his or her password.

How Does Password Checkup Work?

Password Checkup uses a four-step process to safeguard Chrome users' credentials:

  1. If Google discovers a Chrome username and password exposed during a data breach, the company stores a hashed and encrypted copy of this information in its database of more than 4 billion compromised credentials.
  2. When a Chrome user logs into his or her account, Password Checkup sends a hashed and encrypted copy of this individual's account information to Google.
  3. Google uses private set intersection with blinding to search its database of unsafe usernames and passwords; private set intersection with blinding ensures a Chrome user's credentials are not exposed during this process.
  4. Google performs a local search to determine if a Chrome user's credentials were exposed in a data breach. If Google finds a Chrome user's credentials were compromised, it alerts this individual to change his or her password immediately.

Password Checkup is now available free of charge.

How to Find Out If Your Personal Information Has Been Compromised

In addition to Password Checkup, Have I Been Pwned offers a free online resource that enables people to find out if their personal information was compromised during a data breach.

Have I Been Pwned collects and analyzes database dumps and pastes that include information about leaked accounts. It also allows users to enter a username or email address, search their own information and find out if this information was exposed in a data breach.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.