Google's new Chrome feature warns about compromised logins

08 Feb 2019

 

This week Google released new measures in a bid to provide better security for its users’ data.

Announced in a blog post, the global giant asserts they’re always striving to ensure all data is secure, whether its users are consuming Google products or checking out their favourite websites and apps.

Its two latest updates designed to keep data secure are Password Checkup and Cross Account Protection.

Beginning with the former, Password Checkup is a Chrome extension that works to protect accounts from third-party data breaches by proactively detecting and responding to security threats.

The company already automatically resets the password on Google Accounts if it detects they may have been compromised in a third-party data breach (a measure the company asserts reduces the risk of an account being hacked by a factor of 10), but this feature operates a little differently.

With the Password Checkup Chrome extension, Google can detect if a username and password combination on a site you use is one of over 4 billion credentials it knows have been exposed. It will then trigger an automatic warning and suggest that you change your password.

Of course, there is the issue then of where Google stores all this information, but the company says it has it covered.

“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University,” the blog reads.

“This is our first version of the Password Checkup, and we’ll be refining in the coming months. You can take advantage of these new protections right away by installing the extension.”

And now for Cross Account Protection. For the worst-case scenario where a hacker has been able to find their way into a Google Account, the company has a number of tools designed to get users back to safety. However, these protection methods haven’t extended to the apps that users sign in to with Google Sign-In.

“Cross Account Protection helps address this challenge. When apps and sites have implemented it, we’re able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too.”

And again to protect user privacy, Google has designed the security events to be extremely limited, sharing only:

  • The fact that the security event happened

  • Basic information about the event like whether a user’s account was hijacked or Google forced a user to log back in because of suspicious activity

  • This information only with apps where users have logged in with Google

“We created Cross Account Protection by working closely with other major technology companies, like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make this easy for all apps to implement,” the blog post reads.

“With technologies like Password Checkup and Cross Account Protection, we're continuing to improve the security of our users across the internet, not just on Google. We'll never stop improving our defenses to keep you safe online.”

Of course, there are already a number of freely available services on the internet similar to Google's Password Checkup, like Have I Been Pwned, the Identity Leak Checker and Firefox Monitor, that offer to check if your credentials or other personal details have been compromised in one of the numerous breaches that occur every year.
