sb-as logo
Story image

Google's new Chrome feature warns about compromised logins

08 Feb 2019

This week Google released new measures in a bid to provide better security for its users’ data.

Announced in a blog post, the global giant asserts they’re always striving to ensure all data is secure, whether its users are consuming Google products or checking out their favourite websites and apps.

It’s two latest updates designed to keep data secure are Password Checkup, and Cross Account Protection.

Beginning with the former, Password Checkup is a Chrome extension that works to protect accounts from third-party data breaches by proactively detecting and responding to security threats.

The company already automatically resets the password on Google Accounts if it detects they may have been compromised in a third-party data breach (a measure the company asserts reduces the risk of an account being hacked by a factor of 10), but this feature operates is a little different.

With the Password Chrome Extension, Google can detect if a username and password combination on a site you use is one of over 4 billion credentials it knows have been exposed. It will then trigger an automatic warning and suggest that you change your password.

Of course, there is the issue then of where Google stores all this information, but the company says it has it covered.

“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University,” the blog reads.

“This is our first version of the Password Checkup, and we’ll be refining in the coming months. You can take advantage of these new protections right away by installing the extension.”

And now for Cross Account Protection. In a worst-case scenario measure where a hacker has been able to find their way into a Google Account, the company has a number of tools designed to get users back to safety. However, these protection methods haven’t extended to the apps that users sign into with Google Sign in.

“Cross Account Protection helps address this challenge. When apps and sites have implemented it, we’re able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too.”

And again to protect user privacy, Google has designed the security events to be extremely limited, sharing only:

  • The fact that the security event happened

  • Basic information about the event like whether a user’s account was hijacked or Google forced a user to log back in because of suspicious activity

  • Information with apps where users have logged in with Google

“We created Cross Account Protection by working closely with other major technology companies, like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make this easy for all apps to implement,” the blog post reads.

“With technologies like Password Checkup and Cross Account Protection, we're continuing to improve the security of our users across the internet, not just on Google. We'll never stop improving our defenses to keep you safe online.”

Of course, there are already a number of freely available services on the internet similar to Google's Password Checkup like Have I Been Pawned, the Identity Leak Checker and Firefox Monitor, that offer to check if your credentials or other personal details have been compromised in one of the numerous breaches that occur every year.

Story image
DDoS attacks a wake up call for complacent businesses - Imperva
When distributed denial of service attacks created mayhem around the world in August, they left many organisations scrambling to protect themselves.More
Story image
Microsoft is most imitated brand for phishing attacks in Q3
Popular phishing tactics using the Microsoft brand used email campaigns to steal credentials of Microsoft accounts, luring victims to click on malicious links which redirect them to a fraudulent Microsoft login page. More
Story image
The three-pronged security approach that confronts security breaches head-on
Having these three processes working in tandem is key to cushioning the blow of a breach - which, if insufficiently protected, can take on average 279 days to contain and costs an average of almost US$4 million.More
Story image
Lumen launches managed security services for APAC market
The new service is designed to provide enterprise businesses with a proactive, connected security strategy to enhance threat detection and protection across endpoints. More
Story image
Experiencing ransomware significantly impacts cybersecurity approach
"The survey findings illustrate clearly the impact of these near-impossible demands. Among other things, those hit by ransomware were found to have severely undermined confidence in their own cyber threat awareness."More
Story image
Why zero trust could fail due to lack of understanding​, not technology
Security architects are being forced to re-examine the concept of identity, with many turning to a zero trust security model to provide a better architecture for protecting their sensitive resources.More