With new security tools, Google looks to reduce the impact of data breaches
Google LLC wants to make the web a little safer by alerting consumers if one of their online accounts is compromised in a data breach.
The core component of the company’s plan is Password Checkup, a free extension for Chrome that it launched today. The add-on detects when a user logs into a website and checks the credentials they enter against a database of accounts known to have been compromised by hackers.
Google maintains a repository of more than 4 billion exposed account credentials that it updates whenever a new batch of records surfaces on the web. Data leaks of this nature have become alarmingly common over recent years, partially thanks to the emergence of large-scale cyberattacks in which hackers steal millions of login details at a time. Traditional companies and major tech firms alike have shown to be vulnerable to such breaches.
When Password Checkup detects an account that has been exposed in a cyberattack, it notifies the user of the issue and asks the person to change the password. This process requires the extension to capture login credentials, a sensitive task that Google said is handled with the appropriate level of care.
Password Checkup uses specialized security mechanisms that the search giant has built in collaboration with Stanford University. The extension anonymizes and encrypts login details before sending them to Google, which prevents hackers from intercepting them. Once on Google’s servers, credentials are compared against its database of compromised accounts through a method that hides the database’s contents to prevent potential abuse.
The company’s plans for this technology extend beyond Password Checkup. Google reportedly intends to release a paper detailing the security methods used in the add-on, which should enable other companies to incorporate them into their applications.
Alongside the extension, Google today announced a security capability called Cross Account Protection that aims to provide better protection for its own users against hackers. Specifically, the feature is meant to mitigate the amount of harm attackers can do if they somehow get access to a Google account.
The search giant already provides several ways for users to recover compromised accounts and resets passwords if they’re exposed online. However, those tools don’t extend to outside services that are connected to a person’s Google account. Cross Account Protection notifies connected applications of security breaches and suspicious activity so their built-in security mechanisms can respond appropriately.
Photo: Stock Catalog/Flickr
Since you’re here …
Show your support for our mission with our one-click subscription to our YouTube channel (below). The more subscribers we have, the more YouTube will suggest relevant enterprise and emerging technology content to you. Thanks!
Support our mission: >>>>>> SUBSCRIBE NOW >>>>>> to our YouTube channel.
… We’d also like to tell you about our mission and how you can help us fulfill it. SiliconANGLE Media Inc.’s business model is based on the intrinsic value of the content, not advertising. Unlike many online publications, we don’t have a paywall or run banner advertising, because we want to keep our journalism open, without influence or the need to chase traffic.The journalism, reporting and commentary on SiliconANGLE — along with live, unscripted video from our Silicon Valley studio and globe-trotting video teams at theCUBE — take a lot of hard work, time and money. Keeping the quality high requires the support of sponsors who are aligned with our vision of ad-free journalism content.