Story image

Google's new Chrome feature warns about compromised logins

08 Feb 2019

 

This week Google released new measures in a bid to provide better security for its users’ data.

Announced in a blog post, the global giant asserts they’re always striving to ensure all data is secure, whether its users are consuming Google products or checking out their favourite websites and apps.

It’s two latest updates designed to keep data secure are Password Checkup, and Cross Account Protection.

Beginning with the former, Password Checkup is a Chrome extension that works to protect accounts from third-party data breaches by proactively detecting and responding to security threats.

The company already automatically resets the password on Google Accounts if it detects they may have been compromised in a third-party data breach (a measure the company asserts reduces the risk of an account being hacked by a factor of 10), but this feature operates is a little different.

With the Password Chrome Extension, Google can detect if a username and password combination on a site you use is one of over 4 billion credentials it knows have been exposed. It will then trigger an automatic warning and suggest that you change your password.

Of course, there is the issue then of where Google stores all this information, but the company says it has it covered.

“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University,” the blog reads.

“This is our first version of the Password Checkup, and we’ll be refining in the coming months. You can take advantage of these new protections right away by installing the extension.”

And now for Cross Account Protection. In a worst-case scenario measure where a hacker has been able to find their way into a Google Account, the company has a number of tools designed to get users back to safety. However, these protection methods haven’t extended to the apps that users sign into with Google Sign in.

“Cross Account Protection helps address this challenge. When apps and sites have implemented it, we’re able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too.”

And again to protect user privacy, Google has designed the security events to be extremely limited, sharing only:

  • The fact that the security event happened

  • Basic information about the event like whether a user’s account was hijacked or Google forced a user to log back in because of suspicious activity

  • Information with apps where users have logged in with Google

“We created Cross Account Protection by working closely with other major technology companies, like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make this easy for all apps to implement,” the blog post reads.

“With technologies like Password Checkup and Cross Account Protection, we're continuing to improve the security of our users across the internet, not just on Google. We'll never stop improving our defenses to keep you safe online.”

Of course, there are already a number of freely available services on the internet similar to Google's Password Checkup like Have I Been Pawned, the Identity Leak Checker and Firefox Monitor, that offer to check if your credentials or other personal details have been compromised in one of the numerous breaches that occur every year.

Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.