Google just released a new Chrome extension called Password Checkup. Practically everyone thinks it is the best thing since sliced bread.
Is it really that good? Should YOU install it? Find out what it does, and what you should know about Password Checkup, before you install it.
Google will already warn you if your Google Account is compromised in any way, forcing you to change your password. However, they were not able to do that for your non-Google accounts.
That changes with Password Checkup.
What Does Password Checkup Do?
Once added to Google Chrome, Password Checkup will work like a password watchdog. Every time you log into a non-Google website, it will check your login and password against a database of about 4 million leaked logins.
What Happens If It Detects A Match?
If it detects a match, you will be alerted and asked to change your password. If you are using the same login and password combination in other websites, you should obviously also change them as well.
Your New Password Will Be Verified Too
The Password Checkup extension will also verify the your new password has not been compromised either.
Sounds awesome? Well, not so fast…
Does Password Checkup Share My Data?
Google promises that Password Checkup would not report any identifying information. But it will still collect some information that Google may share or utilise :
- number of lookups that reveals an unsafe credential
- whether an alert leads to a password change, and
- the website domain involved
That said, Google will find a way somehow to benefit from it… See the next section.
Caveat : You Must Be Signed-In
Most privacy-conscious individuals who use Google Chrome do not sign into their Google Account. This allows them to anonymise their browsing history, and prevent data sharing across the many Google services.
However, Password Checkup explicitly requires you to be logged into your Google Account. It will only work if you stay logged into your Google Account while using Chrome.
Should You Install Password Checkup?
The requirement to stay logged into your Google Account is, frankly, troubling because the extension should not need you to be logged in to verify your password against a database of leaked passwords.
After all, you can already do the same anonymously at HaveIBeenPwned.
Now, we are not saying that it’s wrong for Google to try and benefit from this. This requirement is literally the price you pay for this free checking service – you must log into your Google Account and let Google track and monetise your browsing habits.
If you are fine with that, head over to the next page for our guide on how to install Password Checkup, turn it on and off, and more!
Workaround For The Privacy Conscious
If you are privacy-conscious, there is a way to have your cake and eat it too. Like all workarounds, it does entail some hassle, so you decide if it’s worth the effort.
You can install and use Password Checkup periodically. Google actually allows you to disable and re-enable it (see next page) whenever you wish. However, you can disable it just by logging out of your Google Account.
Login credentials don’t leak all the time, so it’s perfectly alright NOT to use Password Checkup every day. Once a week or month, just log into your Google Account and log into your non-Google accounts, to make sure they have not been compromised.
Then you can log out of your Google Account, effectively disabling Password Checkup, and use Google Chrome without sharing your browsing history with Google.
Support Tech ARP!