James Delahunty
10 Dec 2019 21:37
Google will integrate a feature into its Chrome web browser that can detect if your login usernames and passwords have been leaked in a data breach.
It has previously introduced the Password Checker extension for the Chrome browser, which checks user credentials against over 4 billion sets of credentials that are known to be compromised. It also built into the Google Account and is accessible from password.google.com if logged in.
Google is now integrating it into Chrome, gradually rolling out with release M79. If Google discovers a username and password exposed by a data breach, it stores a hashed and encrypted copy of the data on its servers.
When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy.
Google uses a technique called private set intersection with blinding that involves multiple layers of encryption to determine if your username and password appear in any breach. Only you discover if your username and password have been compromised. If they have been compromised, Chrome will inform you so you can change the credentials.