UPDATED 14:40 EST / FEBRUARY 05 2019

SECURITY

With new security tools, Google looks to reduce the impact of data breaches

Google LLC wants to make the web a little safer by alerting consumers if one of their online accounts is compromised in a data breach.

The core component of the company’s plan is Password Checkup, a free extension for Chrome that it launched today. The add-on detects when a user logs into a website and checks the credentials they enter against a database of accounts known to have been compromised by hackers.

Google maintains a repository of more than 4 billion exposed account credentials that it updates whenever a new batch of records surfaces on the web. Data leaks of this nature have become alarmingly common over recent years, partially thanks to the emergence of large-scale cyberattacks in which hackers steal millions of login details at a time. Traditional companies and major tech firms alike have shown to be vulnerable to such breaches.

When Password Checkup detects an account that has been exposed in a cyberattack, it notifies the user of the issue and asks the person to change the password. This process requires the extension to capture login credentials, a sensitive task that Google said is handled with the appropriate level of care.

Password Checkup uses specialized security mechanisms that the search giant has built in collaboration with Stanford University. The extension anonymizes and encrypts login details before sending them to Google, which prevents hackers from intercepting them. Once on Google’s servers, credentials are compared against its database of compromised accounts through a method that hides the database’s contents to prevent potential abuse.

The company’s plans for this technology extend beyond Password Checkup. Google reportedly intends to release a paper detailing the security methods used in the add-on, which should enable other companies to incorporate them into their applications.

Alongside the extension, Google today announced a security capability called Cross Account Protection that aims to provide better protection for its own users against hackers. Specifically, the feature is meant to mitigate the amount of harm attackers can do if they somehow get access to a Google account.

The search giant already provides several ways for users to recover compromised accounts and resets passwords if they’re exposed online. However, those tools don’t extend to outside services that are connected to a person’s Google account. Cross Account Protection notifies connected applications of security breaches and suspicious activity so their built-in security mechanisms can respond appropriately.

Photo: Stock Catalog/Flickr

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU