Google has recently released a new extention for their Chrome browser that informs users about unsafe usernames and passwords. It is helpful in offering you options to see how strong your passwords are and when you want to find out if any of your passwords have been compromised in different security leaks.
Of course, there is a database where you can look up the integrity of your safety precautions - it i called Have I Been Pwned. It consists of more than 6.4 billion accounts, and you may check any account email address or passwords against the database. Additionally, some password managers, like KeePass of LastPass, offer passwords checks to see if any of them are not up to the complexity standards.
How is Password Checkup by Google different?
First of all, their solution is available as a Chrome browser extention. Unfortunately, it only works with the integrated password manager of Chrome, so no third-party password managers are supported. It also uses a different system to inform users about unsafe credentials: it checks the password that is used to sign in to accounts on the Internet when sign-ins happen against a database of more than 4 billion passwords.
The extension and system was designed with privacy in mind because of the sensitive nature of the data. The extension was designed to "never reveal [..] personal information to Google" and "prevent an attacker from abusing Password Checkup to reveal unsafe usernames and passwords" - says Google.
How does it work?
The tool sends an hashed and encrypted copy of the username to Google as soon as the users sign in to the desired sites. The company claims that they are using blinding and private information retrieval to search the database of unsafe credentials; the final check that determines whether the username or password was exposed in a data breach happens locally.
The extension displays actionable information if the username or password was found to have been leaked online. Users are asked to change the password immediately, but it is also possible to ignore the warnings for specific sites.