GOOGLE Chrome can now warn you automatically if you're using hacked passwords for websites.
A new feature built into the web browser scans your logins against a database of more than 4billion hacked passwords.
Earlier this year, Google launched a Password Checkup add-on for the Google Chrome web browser.
Now Google Chrome will be able to do this without requiring you to install an extension – on both desktop and mobile.
"Chrome has safety protections built in, and now we’re expanding those protections further," Google's AbdelKarim Mardini explained.
"When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app.
"It will suggest that you change them everywhere they were used."
You can find the new feature in Chrome Settings, under Sync and Google Services.
Just like the extension, Google's password-scanning feature displays a warning whenever you sign in to a website using "one of over 4billion usernames and passwords" that have been hacked.
Google does this by cross-referencing your log-in details for different sites with a huge list of hacked log-ins.
"Since our launch, over 650,000 people have participated in our early experiment," Google's Jennifer Pullman explained earlier this year.
"In the first month alone, we scanned 21million usernames and passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the extension."
Password safety – the expert advice
Here's what Javvad Malik, cyber expert at KnowBe4, told The Sun…
- "Despite all their weaknesses, it looks as if passwords will stay for the foreseeable future.
- "But there are some steps people can take to strengthen their passwords so that it is less likely hackers can break into their accounts.
- "Perhaps the most important step is to not re-use the same password across different websites.
- "It is convenient only having one password, but this means that if someone guesses, or steals one of your passwords, they can then use that to gain access to any of your other accounts.
- "Using a password manager can help create and remember all the different passwords.
- "Failing that, even writing passwords down can be good in some cases (just don't leave your notebook lying around).
- "The second step is to take advantage of two factor authentication (2FA) wherever it is available.
- "For many sites that offer this service, in addition to entering username and password, it will send a code via text message to your phone which will need to be entered.
- "Third, and finally, people should be wary of the scams which try to steal their passwords.
- "For example, receiving an email with a link from a large provider such as Microsoft, Amazon, or Apple, and asking people to re-enter their username and password or risk having their account frozen.
- "People should never click on such links in emails, and only navigate manually to any sites they wish to visit if they need to log onto their accounts."
There's obviously a huge risk for anyone whose username and passwords from different sites have been hacked.
It's important to immediately change your log-in details to stay safe.
But even passwords uploaded online without associated usernames can put you at risk.
If you use a very simple password, it's likely someone else does too – and they may have been hacked themselves.
Hackers buy huge lists of these compromised passwords from lots of different sites because people often re-use them.
So hackers are much more likely to gain access to an account by forcing a long list of "known" hacked passwords than trying random letters or numbers.
"Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach," said Pullman.
"If you use strong, unique passwords for all your accounts, this risk disappears."
Largest breaches – hacked passwords uploaded online
Here's Have I Been Pwned's list of largest online breaches…
- Collection 1 accounts – 772,904,991 breached accounts leaked
- Verifications.io accounts – 763,117,241 breached accounts leaked
- Onliner Spambot accounts – 711,477,622 breached accounts leaked
- Exploit.In accounts – 593,427,119 breached accounts leaked
- Anti Public Combo List accounts – 457,962,538 breached accounts leaked
- River City Media Spam List accounts – 393,430,309 breached accounts leaked
- MySpace accounts – 359,420,698 breached accounts leaked
- NetEase accounts – 234,842,089 breached accounts leaked
- LinkedIn accounts – 164,611,595 breached accounts leaked
- Dubsmash accounts – 161,749,950 breached accounts leaked
If you don't see the new Google Chrome setting, don't panic.
Google is only just rolling this out, so it might take a few days or weeks to turn up on your computer.
Check Google Chrome regularly for updates, which will ensure you get the new feature as soon as possible.
In related news, cyber-experts recently warned that hackers could hijack your phone to inflict tinnitus, and even melt your gadgets using "sonic warfare".
New hacked iPhone cables let crooks completely hijack your gadgets.
And a shock Instagram blunder let strangers secretly download your photos, videos and location – with "millions of users" affected.
Do you think your cybersecurity skills are good enough? Let us know in the comments!Source: Read Full Article