GOOGLE has warned users that billions of
passwords – and hundreds of thousands of username and password combinations –
have been hacked.
Cyber-experts are now urging users to make sure they’re using
tough passwords that haven’t already been stolen.
Earlier this year, Google launched a Password Checkup add-on for
the Google Chrome web browser.
It displays a warning whenever you sign in to a website using
“one of over 4billion usernames and passwords” that have been hacked.
Google does this by cross-referencing your log-in details with a
huge list of hacked log-ins.
“Since our launch, over 650,000 people have participated in
our early experiment,” Google’s Jennifer Pullman explained.
“In the first month alone, we scanned 21million usernames and
passwords and flagged over 316,000 as unsafe – 1.5% of sign-ins scanned by the
There’s obviously a huge risk for anyone whose username and password have been hacked. It’s important to immediately change your log-in details to stay safe.
But even passwords uploaded online without associated usernames
can put you at risk.
If you use a very simple password, it’s likely someone else does
too – and they may have been hacked themselves.
Hackers buy huge lists of these compromised passwords because
people often re-use them.
much more likely to gain access to an account by forcing a long list of
“known” hacked passwords than trying random letters or numbers.
routinely attempt to sign in to sites across the web with every credential
exposed by a third-party breach,” said Pullman.
use strong, unique passwords for all your accounts, this risk disappears.”
How to check your password
The free Password Checkup software can be loaded onto Google
Chrome and lets you know if your account details have been compromised in a cyber-attack
or data breach.
Once installed, the Chrome extension runs in the background of
your browser and checks any login details you use.
If your password or username matches a Google database of more
than 4billion compromised credentials, the software will flag them.
An alert that pops up on your screen reads: “Password Checkup
detected that your password for [website] is no longer safe due to a data
breach. You should change your password now.”
If a new data breach occurs, the tool will let you know if any of your
passwords were compromised the next time you log in to Chrome.
It gives you any exposed accounts in a small list that you can click through to change your passwords. All information is encrypted, and Google says it has no way of seeing your data.
“We built Password Checkup so that no one, including Google,
can learn your account details,” Google said.
“Password Checkup was built with privacy in mind. It never reports any identifying information about your accounts, passwords or device.”
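The cross-referencing described above, as an added sketch that is not Google's code or protocol and not part of the original article: the client hashes the username and password locally and sends only a short hash prefix, then compares the returned candidates itself. The corpus, the function names and the 16-bit prefix are assumptions for illustration.

```python
import hashlib
import hmac
import unicodedata
from collections import defaultdict

PREFIX_LEN = 4  # hex chars (16 bits) revealed to the lookup service; assumed value


def credential_digest(username: str, password: str) -> str:
    """Hash a canonicalised username together with the password."""
    user = unicodedata.normalize("NFKC", username).strip().lower()
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    material = f"{len(user)}:{user}:{password}".encode("utf-8")
    # Plain SHA-256 keeps the sketch short; a fast unsalted hash of low-entropy
    # credentials can be brute-forced, so real services need a slow hash and blinding.
    return hashlib.sha256(material).hexdigest()


class BreachIndex:
    """Stand-in for the lookup service: stores digests bucketed by prefix."""

    def __init__(self, breached_pairs):
        self._buckets = defaultdict(set)
        for user, pw in breached_pairs:
            d = credential_digest(user, pw)
            self._buckets[d[:PREFIX_LEN]].add(d[PREFIX_LEN:])

    def suffixes_for(self, prefix: str) -> frozenset:
        # The service is handed only the prefix, never the full digest.
        return frozenset(self._buckets.get(prefix, ()))


def is_compromised(index: BreachIndex, username: str, password: str) -> bool:
    """Client side: send the prefix, compare the remaining suffix locally."""
    d = credential_digest(username, password)
    candidates = index.suffixes_for(d[:PREFIX_LEN])
    mine = d[PREFIX_LEN:]
    return any(hmac.compare_digest(mine, s) for s in candidates)


# Constructed sample corpus, not real breach data.
SAMPLE_BREACH = [("alice@example.com", "password123"), ("bob@example.com", "qwerty")]
INDEX = BreachIndex(SAMPLE_BREACH)

if __name__ == "__main__":
    for user, pw in [("Alice@Example.com ", "password123"),
                     ("alice@example.com", "correct horse battery staple"),
                     ("carol@example.com", "password123")]:
        hit = is_compromised(INDEX, user, pw)
        print(user.strip(), "->", "change password" if hit else "no match")
```

This sketch matches username and password pairs only, so a breached password used with a different username is not flagged.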
Here’s what Javvad Malik, cyber expert at KnowBe4, told our source
- “Despite all their weaknesses, it looks as if passwords will stay for the foreseeable future.
- “But there are some steps people can take to strengthen their passwords so that it is less likely hackers can break into their accounts.
- “Perhaps the most important step is to not re-use the same password across different websites.
- “It is convenient only having one password, but this means that if someone guesses, or steals one of your passwords, they can then use that to gain access to any of your other accounts.
- “Using a password manager can help create and remember all the different passwords.
- “Failing that, even writing passwords down can be good in some cases (just don’t leave your notebook lying around).
- “The second step is to take advantage of two factor authentication (2FA) wherever it is available.
- “For many sites that offer this service, in addition to entering username and password, it will send a code via text message to your phone which will need to be entered.
- “Third, and finally, people should be wary of the scams which try to steal their passwords.
- “For example, receiving an email with a link from a large provider such as Microsoft, Amazon, or Apple, and asking people to re-enter their username and password or risk having their account frozen.
should never click on such links in emails, and only navigate manually to any
sites they wish to visit if they need to log onto their accounts.”
You can download Password Checkup from the Chrome Web Store.