Google Chrome Password Security
Google Chrome has now introduced a new feature that alerts users if any of their login credentials have been compromised in a data breach and will recommend when a password change is necessary.
When a user enters their username and password into a website, Chrome will now check these credentials against a database of compromised credentials collected from across the internet and dark web. Thwarting cyber criminals’ ability to make use of stolen login info, the feature will hopefully allow users to change their credentials before accounts can be compromised and exploited.
Having first introduced a similarly functioning extension earlier this year, Google has now integrated this feature into the company's widely used browser in a push to help protect users’ information security.
How it Works
When usernames and passwords are exposed by a data breach, Chrome stores a strongly hashed and encrypted copy of the data. When you enter your credentials into a website, Password Checkup generates a hash of your credentials and essentially cross-references these strings of characters. Through this process, Google does not gain access to your usable login information but does inform you if somebody else can.
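The cross-referencing idea can be shown with a simplified hash-prefix lookup. This is an added example, not code from Google or from the original post, and it is not Chrome's actual protocol; the names `credential_hash`, `BreachServer`, `is_compromised`, the 5-character prefix length and the sample data are all assumptions made for illustration.

```python
import hashlib
from collections import defaultdict

PREFIX_LEN = 5  # hex characters revealed to the server (assumed value for this sketch)

def credential_hash(username: str, password: str) -> str:
    """Hash the canonicalised username together with the password."""
    material = username.strip().lower().encode() + b"\x00" + password.encode()
    return hashlib.sha256(material).hexdigest()

class BreachServer:
    """Holds only hashes of breached credentials, bucketed by hash prefix."""

    def __init__(self, breached_pairs):
        self.buckets = defaultdict(set)
        self.seen = []  # everything the server learns from client queries
        for user, pw in breached_pairs:
            h = credential_hash(user, pw)
            self.buckets[h[:PREFIX_LEN]].add(h[PREFIX_LEN:])

    def query(self, prefix: str) -> set:
        """Return every stored hash suffix that shares the given prefix."""
        self.seen.append(prefix)
        return set(self.buckets.get(prefix, ()))

def is_compromised(server: BreachServer, username: str, password: str) -> bool:
    """Client side: hash locally, send only the prefix, match the suffix locally."""
    h = credential_hash(username, password)
    return h[PREFIX_LEN:] in server.query(h[:PREFIX_LEN])

# Constructed sample data, not taken from any real breach.
SAMPLE_BREACH = [("alice@example.com", "password1"), ("bob@example.com", "qwerty")]

if __name__ == "__main__":
    server = BreachServer(SAMPLE_BREACH)
    print(is_compromised(server, "Alice@Example.com", "password1"))
    print(is_compromised(server, "alice@example.com", "ToasterLemonFasterFlying"))
    print(server.seen)  # only short prefixes, never the credentials themselves
```

The server only ever receives a short hash prefix, so it cannot tell which credential in that bucket, if any, the client holds; the final comparison happens on the client.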
The browser already has plenty of methods of protecting users against information security attacks, including the ‘Safe Browsing’ feature which works to block users from accessing known phishing or unsafe websites. The Safe Browsing ‘black-list’ is refreshed every 30 minutes and again utilises technology to protect users from attacks, yet despite these precautions, no browser can fully protect against these cyber-security threats.
Although browser features such as this can greatly help with users’ cyber-security, there are plenty of ways that users can help to protect their accounts and information security. To help secure your accounts, here are our top three tips to ensure password security and information confidentiality:
Top 3 Password Security Tips
Choose a Strong Password
When it comes to most breaches, what’s often stolen is not plaintext passwords but hashes. Companies typically store only these hashes which allow for logins without the need for passwords to be stored in a potentially compromising way.
Depending on the strength of the hashing processes, hackers seeking to ‘crack’ these hashes may have their work cut out for them. By using a strong password, you can make the time it would take to crack it so long that doing so is either impossible or impractical for hackers.
Without knowing the processes or protections that organisations necessarily take with your information, individuals should take the initiative and choose passwords that are as secure as possible, thus protecting against ‘brute force’ and ‘dictionary’ attacks.
When choosing a password, use a combination of 4 novel and unrelated words e.g. ToasterLemonFasterFlying. Though it may seem like a simple rule, the sheer number of potential combinations is astronomical, and thus very difficult for a computer to break or an individual to guess.
The general wisdom in this area is that by reusing your passwords across multiple accounts, you effectively reduce the security of all your accounts to that of the weakest. This means that if one of the companies you have an account with suffers a plaintext password compromise, it’s likely attackers will use that password in combination with other accounts associated with you.
Unless you have a superhuman memory, the prospect of remembering multiple novel passwords may seem daunting, which is why a reliable password manager is likely necessary. Keeping passwords all in one place may seem counterintuitive, but again, provided it is well protected (with your strongest password), a password manager helps bolster your personal information security.
Look out for Breaches
Though there are many ways of making your password as secure as possible, you are often reliant on the information security of other parties to keep your passwords safe. The sad reality is that data breaches happen all the time, and though these rarely contain plain text passwords, it’s worth making sure that you keep an eye out for compromises.
This new Google Chrome feature will undoubtedly do much of this work for you, but if you’re using other browsers that lack this capability, it may be worth occasionally checking out a site such as Have I Been Pwned. Utilising methods similar to those of Google Chrome, HIBP scans the internet for dumps, breaches and compromised account details. HIBP currently cross-checks almost 10 billion ‘pwned’ accounts: simply enter your email and the website will tell you if you’re at risk.
Though there are plenty of technological and practical steps you can take to help improve your personal and organisational information security, building a security aware culture is the best method to defend against compromises, breaches and attacks.