The whole point of this is security, so Google is doing all of this by comparing your encrypted credentials with an encrypted list of compromised credentials. Chrome first sends an encrypted, 3-byte hash of your username to Google, where it is compared to Google's list of compromised usernames. If there's a match, your local computer is sent a database of every potentially matching username and password in the bad credentials list, encrypted with a key from Google. You then get a copy of your passwords encrypted with two keys—one is your usual private key, and the other is the same key used for Google's bad credentials list. On your local computer, Password Checkup removes the only key it is able to decrypt, your private key, leaving your Google-key-encrypted username and password, which can be compared to the Google-key-encrypted database of bad credentials. Google says this technique, called "private set intersection," means you don't get to see Google's list of bad credentials, and Google doesn't get to learn your credentials, but the two can be compared for matches.
LEARN MOREThe WIRED Guide to Data Breaches Building Password Checkup into Chrome should make password auditing more mainstream. Only the most security-conscious people would seek out and install the Chrome extension or perform the full password audit at passwords.google.com, and these people probably have better password hygiene to begin with. Building the feature into Chrome will put it in front of more mainstream users who don't usually consider password security, which are exactly the kind of people who need this sort of thing. This is also the first time password checkup has been available on mobile, since mobile Chrome still doesn't support extensions (Google plz).Google says, "For now, we’re gradually rolling this out for everyone signed in to Chrome as a part of our Safe Browsing protections." Users can control the feature in the “Sync and Google Services” section of Chrome Settings, and if you're not signed into Chrome, and not syncing your data with Google's servers, the feature won't work.
With Password Checkup being integrated into Chrome, the extension is not really useful anymore. The Web version is still great as a full password audit for all your passwords stored by Google, and now the version built into Chrome will continually check your passwords as you enter them.
This story originally appeared on Ars Technica.
- Why the “queen of shitty robots” renounced her crown
- Amazon, Google, Microsoft—who has the greenest cloud ?
- Instagram, my daughter, and me
- Ewoks are the most tactically advanced fighting force in Star Wars
- Everything you need to know about influencers
- 👁 Will AI as a field "hit the wall" soon ? Plus, the latest news on artificial intelligence
- 🏃🏽♀️ Want the best tools to get healthy? Check out our Gear team’s picks for the best fitness trackers , running gear (including shoes and socks ), and best headphones .