Password Checkup extension checks passwords against a database of 4 billion compromised accounts



    Recently, hackers made collections No. 1-5 publicly available: about 2.7 billion accounts with passwords in total (magnet links: collection No. 1, collection No. 2-5). These passwords were collected over many years from all available sources, including Russian sites. Anyone can check whether their password is in the database by entering its hash on the Have I Been Pwned (HIBP) website or in the Firefox Monitor service. Now there is another way to do this: the new Password Checkup extension for Chrome.

    Password Checkup checks the password entered on any site. If the user enters compromised credentials somewhere, the extension signals this.

    Like Firefox Monitor, the extension sends the server not the password itself but its hash for verification. See the detailed description of the cryptographic scheme, which is depicted schematically in the illustration below.
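
    An added example, not code from Google, Mozilla or HIBP: a sketch of a hash-based breach lookup in which the client reveals only a 5-character SHA-1 prefix and compares the returned suffixes locally (the range-query model of HIBP's Pwned Passwords). The in-memory corpus and all function names are constructed for illustration; Password Checkup's own scheme is the one in the linked description and is not reproduced here.

```python
import hashlib
import hmac

# Constructed sample corpus standing in for the server's breach database.
LEAKED = ["123456", "password", "qwerty", "letmein"]
PREFIX_LEN = 5  # hex characters of the SHA-1 digest revealed to the server


def sha1_hex(password: str) -> str:
    """Upper-case hex SHA-1 of the UTF-8 password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def build_index(passwords):
    """Server side: bucket leaked hashes as prefix -> set of suffixes."""
    index = {}
    for pw in passwords:
        digest = sha1_hex(pw)
        index.setdefault(digest[:PREFIX_LEN], set()).add(digest[PREFIX_LEN:])
    return index


def server_range_query(index, prefix: str):
    """Server side: sees only the prefix, returns every suffix in that bucket."""
    if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 upper-case hex characters")
    return sorted(index.get(prefix, ()))


def is_compromised(password: str, query) -> bool:
    """Client side: send the prefix, match the suffix without leaving the client."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:PREFIX_LEN], digest[PREFIX_LEN:]
    return any(hmac.compare_digest(suffix, s) for s in query(prefix))


INDEX = build_index(LEAKED)

if __name__ == "__main__":
    seen = []  # everything the server learns about the client's passwords

    def logged_query(prefix):
        seen.append(prefix)
        return server_range_query(INDEX, prefix)

    for candidate in ("password", "constructed-unleaked-passphrase-7f3a"):
        print(candidate, "->", is_compromised(candidate, logged_query))
    print("server saw only:", seen)
```

    With a real corpus each prefix bucket holds many unrelated hashes, so the prefix alone does not identify which password the client checked.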



    Google claims that the check is run against a database of 4 billion accounts. This is more than the HIBP database contains: perhaps the company holds password databases that have not yet been made publicly available.

    Google notes that on its own sites users are protected from leaks automatically. The company constantly scans hacker databases. If a Google Account password is spotted in any of the leaks, it is automatically deactivated. This measure has already reduced theft of Google accounts tenfold.
