Google Chrome has now introduced a new feature that alerts users if any of their login credentials have been compromised in a data breach and will recommend when a password change is necessary.

Compromised Accounts

When a user enters their username and password into a website, Chrome will now check these credentials against a database of compromised credentials collected from across the internet and dark web. Thwarting cyber criminals’ ability to make use of stolen login info, the feature will hopefully allow users to change their credentials before accounts can be compromised and exploited.

Google first introduced a similarly functioning extension earlier this year, and the feature has now been integrated into the company’s widely used browser in a push to help protect users’ information security.

How it Works

When usernames and passwords are exposed by a data breach, Chrome stores a strongly hashed and encrypted copy of the data. When you enter your credentials into a website, Password Checkup generates a hash of those credentials and essentially cross-references these strings of characters. This is a process by which Google does not gain access to your usable login information but does inform you if somebody else can.
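A simplified sketch of a blinded hash comparison of the kind described above, added here as an illustration and not Chrome's or Google's own code. The hash function, the toy group modulus and every name (`BreachServer`, `is_breached`) are assumptions, and the breached credentials are constructed sample data.

```python
import hashlib
import secrets
from math import gcd

# Toy parameter (assumption for this example): the Mersenne prime 2**521 - 1
# keeps the code standard-library only; it is not a production-grade group.
P = 2**521 - 1


def cred_hash(username: str, password: str) -> bytes:
    """Hash the username/password pair; only this digest is used from here on."""
    return hashlib.sha256(f"{username}\x00{password}".encode()).digest()


def to_group(digest: bytes) -> int:
    """Map a digest to a non-zero element modulo P."""
    return int.from_bytes(digest, "big") % P or 1


def new_key() -> int:
    """Random exponent that is invertible modulo the group order P - 1."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if gcd(k, P - 1) == 1:
            return k


class BreachServer:
    """Holds breached credentials only as hashes raised to a server secret."""

    def __init__(self, leaked):
        self._key = new_key()
        self._buckets = {}
        for user, pw in leaked:
            d = cred_hash(user, pw)
            self._buckets.setdefault(d[:2], set()).add(pow(to_group(d), self._key, P))

    def lookup(self, prefix: bytes, blinded: int):
        # The server sees a 2-byte prefix and a blinded value, never the hash itself.
        return pow(blinded, self._key, P), self._buckets.get(prefix, set())


def is_breached(server: BreachServer, username: str, password: str) -> bool:
    d = cred_hash(username, password)
    blind = new_key()  # fresh per query, so repeated queries look unrelated
    double_blinded, bucket = server.lookup(d[:2], pow(to_group(d), blind, P))
    # Removing the client's blind leaves hash**server_key, comparable to the bucket.
    return pow(double_blinded, pow(blind, -1, P - 1), P) in bucket


# Constructed sample data, not real breach contents.
SERVER = BreachServer([("alice@example.com", "hunter2"), ("bob@example.com", "letmein")])
```

The client learns only whether its own credential is in the breached set, and the server never receives a value it could match against its stored hashes without the client's blind.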

The browser already has plenty of methods of protecting users against information security attacks, including the ‘Safe Browsing’ feature which works to block users from accessing known phishing or unsafe websites. The Safe Browsing ‘black-list’ is refreshed every 30 minutes and again utilises technology to protect users from attacks, yet despite these precautions, no browser can fully protect against these cyber-security threats.

Although browser features such as this can greatly help with users’ cyber-security, there are plenty of ways that users can help to protect their accounts and information security. To help secure your accounts, here are our top three tips to ensure password security and information confidentiality:

Top 3 Password Security Tips

Choose a Strong Password

When it comes to most breaches, what’s often stolen is not plaintext passwords but hashes. Companies typically store only these hashes, which allow for logins without the need for passwords to be stored in a potentially compromising way.

Depending on the strength of the hashing processes, hackers seeking to ‘crack’ these hashes may have their work cut out for them. If you use a strong password, the time it would take to crack it makes doing so either impossible or impractical for hackers.

Because you cannot necessarily know the processes or protections that organisations apply to your information, you should take the initiative and choose passwords that are as secure as possible, thus protecting against ‘brute force’ and ‘dictionary’ attacks.

When choosing a password, use a combination of 4 novel and unrelated words e.g. ToasterLemonFasterFlying. Though it may seem like a simple rule, the sheer number of potential combinations is astronomical, and thus very difficult for a computer to break or an individual to guess.

Don’t Reuse

The general wisdom in this area is that by reusing your passwords across multiple accounts, you effectively reduce the security of all your accounts to that of the weakest. This means that if one of the companies you have an account with suffers a plaintext password compromise, it’s likely attackers will use that password in combination with other accounts associated with you.

Unless you have a superhuman memory, the prospect of remembering multiple novel passwords may seem daunting, which is why a reliable password manager is likely necessary. Keeping passwords all in one place may seem counterintuitive, but again, provided it is well protected (with your strongest password), a password manager helps bolster your personal information security.

Look out for Breaches

Though there are many ways of making your password as secure as possible, you are often reliant on the information security of other parties to keep your passwords safe. The sad reality is that data breaches happen all the time, and though these rarely contain plaintext passwords, it’s worth making sure that you keep an eye out for compromises.

This new Google Chrome feature will undoubtedly do much of this work for you, but if you’re using other browsers that lack this capability, it may be worth occasionally checking out a site such as Have I Been Pwned. Utilising methods similar to those of Google Chrome, HIBP scans the internet for dumps, breaches and compromised account details. It currently cross-checks almost 10 billion ‘pwned’ accounts: simply enter your email and the website will tell you if you’re at risk.

Though there are plenty of technological and practical steps you can take to help improve your personal and organisational information security, building a security aware culture is the best method to defend against compromises, breaches and attacks.

Awareness Training

If you’d like to learn more about how Hut Six information security awareness training can build a secure culture and strengthen your defences against attacks, click the link below.