Chrome warns you if your password was stolen, according to Google’s announcement: Google will alert users if their credentials were compromised. The new feature was integrated into Google Accounts, so users have an easy way to check if their login credentials are weak or used in multiple accounts. Now, everyone logged in to Chrome has this feature. The company mentioned that it hashes and encrypts usernames and passwords, so not even the company is able to derive them from the encrypted copy.
How it works
When Google discovers a username and password exposed by a company’s data breach, it stores a hashed and encrypted copy. At this stage, only Google holds the secret key. When a user signs in to a website, Chrome sends a hashed copy of the credentials, encrypted with a secret key known only to Chrome.
To decide whether the username and password appear in any breach, Chrome uses private set intersection with blinding, a technique that involves multiple layers of encryption. Thus, Google can compare the encrypted username and password with all of the encrypted breached usernames and passwords. Still, the company said it would not reveal them or any information about them.
The user is the only one who can discover if the username and password have been compromised. Chrome will tell the user about this issue and will strongly encourage the user to change the password.
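The blinded comparison described above can be sketched as follows. This is an added example, not Google's or Chrome's code: the group (integers modulo the prime 2^255 - 19), the SHA-256 hash-to-group mapping, handing the client the whole blinded breach set, and all class and function names are assumptions chosen for illustration, and the sample credentials are constructed.

```python
import hashlib, math, secrets

P = 2**255 - 19  # well-known prime; toy group Z_P^* (assumption, illustration only)

def new_key():
    """Random exponent invertible mod P-1, so a blinding layer can be removed."""
    while True:
        k = secrets.randbelow(P - 3) + 2
        if math.gcd(k, P - 1) == 1:
            return k

def hash_cred(username, password):
    """Hash a credential pair to a group element in [2, P-1]."""
    digest = hashlib.sha256(f"{username}\x00{password}".encode()).digest()
    return int.from_bytes(digest, "big") % (P - 2) + 2

class Server:
    """Holds breached credentials only as H(cred)^b under its own secret key b."""
    def __init__(self, breached):
        self._key = new_key()
        self.blinded_breaches = {pow(hash_cred(u, p), self._key, P) for u, p in breached}

    def reencrypt(self, client_blinded):
        # Adds the server layer to H(cred)^a without learning H(cred).
        return pow(client_blinded, self._key, P)

class Client:
    """Blinds its credential with a fresh secret key a for each check."""
    def __init__(self):
        self._key = new_key()

    def blind(self, username, password):
        return pow(hash_cred(username, password), self._key, P)

    def is_breached(self, double_blinded, server_set):
        # Strip the client layer: (H^(a*b))^(1/a) = H^b, then compare locally.
        unblind = pow(self._key, -1, P - 1)
        return pow(double_blinded, unblind, P) in server_set

def check(server, username, password):
    """One protocol round; returns (verdict, message the server saw)."""
    client = Client()
    request = client.blind(username, password)
    response = server.reencrypt(request)
    return client.is_breached(response, server.blinded_breaches), request
```

The server only ever sees `request`, which differs on every check because the client key is fresh, and the verdict is computed on the client side.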
Real-time phishing protection
Besides the fact that Chrome warns if your password was stolen, the new security enhancement also includes real-time protection against phishing. Users can control it in the “Settings” tab, under “Sync and Google services”. According to the company, some phishing sites slip through the 30-minute refresh window of its phishing protection. They do this by switching domains very quickly or by hiding from Google’s crawlers. This is where real-time phishing protection comes in.
The new feature is initially available to users who have already opted in to the “Make searches and browsing better” setting in Chrome.