Jump directly to the content
Revealed
ARE YOU SAFE?

Huge Google Chrome update reveals if your passwords have been HACKED

GOOGLE Chrome can now reveal if your passwords have been hacked.

A new update to the Chrome browser makes it much easier to keep prying eyes out of your online accounts.

Google Chrome will warn you if you're used hacked passwords
4
Google Chrome will warn you if you're used hacked passwordsCredit: Google

Google already has a Safety Check tool that can scan new passwords you create – to see if those logins are already circulating online.

But the new tool also lets you scan existing passwords for old accounts that you've saved through Google Chrome.

It means that the browser can warn you if a site you've used has been breached – or if you're used a hacked password.

The tool also checks for dodgy Chrome extensions, and helps you ensure that you're using the best safety settings online.

Google cross-references your passwords with known hack "dumps"
4
Google cross-references your passwords with known hack "dumps"Credit: Google

You can find the new feature in Chrome Settings, under Sync and Google Services.

Just like the extension, Google's password-scanning feature displays a warning whenever you sign in to a website using "one of over 4billion usernames and passwords" that have been hacked.

Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.

"Since our launch, over 650,000 people have participated in our early experiment," Google's Jennifer Pullman explained earlier this year.

"In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension."

You can also type your password in to HaveIBeenPwned.com to see if you've been hacked.

You can find the new feature in Chrome Settings, under Sync and Google Services.

Just like the extension, Google's password-scanning feature displays a warning whenever you sign in to a website using "one of over 4billion usernames and passwords" that have been hacked.

Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.

"Since our launch, over 650,000 people have participated in our early experiment," Google's Jennifer Pullman explained earlier this year.

"In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension."

If you've got a compromised password, you should change it immediately to something more secure
4
If you've got a compromised password, you should change it immediately to something more secureCredit: Google

You can also type your password in to HaveIBeenPwned.com to see if you've been hacked.

You can find the new feature in Chrome Settings, under Sync and Google Services.

Just like the extension, Google's password-scanning feature displays a warning whenever you sign in to a website using "one of over 4billion usernames and passwords" that have been hacked.

Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.

"Since our launch, over 650,000 people have participated in our early experiment," Google's Jennifer Pullman explained earlier this year.

"In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension."

You can also type your password in to HaveIBeenPwned.com to see if you've been hacked.

It's worth noting that these tools only reveal known hacks – and you may still have been hacked without Google or HaveIBeenPwned.com knowing about it.

There's obviously a huge risk for anyone whose username and passwords from different sites have been hacked.

It's important to immediately change your log-in details to stay safe.

But even passwords uploaded online without associated usernames can put you at risk.

These are the WORST passwords of 2018 – so don't ever use them
4
These are the WORST passwords of 2018 – so don't ever use themCredit: The Sun

Password safety – the expert advice

Here's what Javvad Malik, cyber expert at KnowBe4, told The Sun...

  • "Despite all their weaknesses, it looks as if passwords will stay for the foreseeable future.
  • "But there are some steps people can take to strengthen their passwords so that it is less likely hackers can break into their accounts.
  • "Perhaps the most important step is to not re-use the same password across different websites.
  • "It is convenient only having one password, but this means that if someone guesses, or steals one of your passwords, they can then use that to gain access to any of your other accounts.
  • "Using a password manager can help create and remember all the different passwords.
  • "Failing that, even writing passwords down can be good in some cases (just don't leave your notebook lying around).
  • "The second step is to take advantage of two factor authentication (2FA) wherever it is available.
  • "For many sites that offer this service, in addition to entering username and password, it will send a code via text message to your phone which will need to be entered.
  • "Third, and finally, people should be wary of the scams which try to steal their passwords.
  • "For example, receiving an email with a link from a large provider such as Microsoft, Amazon, or Apple, and asking people to re-enter their username and password or risk having their account frozen.
  • "People should never click on such links in emails, and only navigate manually to any sites they wish to visit if they need to log onto their accounts."

If you use a very simple password, it's likely someone else does too – and they may have been hacked themselves.

Hackers buy huge lists of these compromised passwords from lots of different sites because people often re-use them.

So hackers are much more likely to gain access to an account by forcing a long list of "known" hacked passwords than trying random letters or numbers.

"Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach," said Pullman.

"If you use strong, unique passwords for all your accounts, this risk disappears."

If you don't see the new Google Chrome setting, don't panic.

You might need to simply update your browser.

Check Google Chrome regularly for updates, which will ensure you get the new feature as soon as possible.

Chrome updates can often take several weeks to roll out for everyone, so keep looking out for it.

How does Google Chrome’s Incognito Mode Work?

In other news, Google Chrome now lets you group tabs together.

You can now make 12-person video calls straight from Google Chrome.

And find out how to access Google's 3D augmented reality animals.

READ MORE SUN STORIES

Will you be using this tool? Let us know in the comments!


We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at tech@the-sun.co.uk


Topics