Technologist - The FindLaw Legal Technology Blog

This Chrome Extension Alerts You of Password Breach

Google has a new Chrome extension to protect users from password breaches.

The add-on for the Chrome browser automatically checks websites against known password breaches. The extension, called Password Check, is available now for free.

That's the easy part. The rest is Greek to everybody but geeks.

Password Checkup

Ars Technica explains it -- sort of:

"It securely checks credentials used to log in to websites -- whether they're manually entered or stored in Chrome's password manager -- against hashed credentials stored in an encrypted database of billions of compromised accounts maintained by Google," the ezine reports.

So it's another extension for the browser, like the Symantec Extension? Or is it more like the "managed certificates" in Chrome settings? You'll have to ask Google, or Kurt Thomas.

Thomas, a research scientist, says Password Checkup uses a combination of anonymization and cryptography to create a secret search key for Google's database. Credentials are anonymized with an Argon2 hash function and encrypted with Elliptic Curve cryptography.

Right.

What He Said

To really understand it, Ars Technica says you have to go deep into a backend database that contains information from password dumps in the underground market. That's where Google is constantly updating to guard against threats of data breach.

So it's really a battle against hackers on the Dark Web. Password Checkup is really a tool against evil.

Why didn't Chrome just call it that? "Tool Against Evil," we can all understand that. Right?

Related Resources: