Massive password breaches are all too common these days. And Google is trying to make it easier to fix compromised passwords with a new tool.

In the wake of the massive Marriott and Facebook data breaches last year, a good New Year’s resolution is to be extra careful with your passwords. Chances are though, at some point in the last few years, one of your passwords has been filched by hackers and is sitting in an illicit database.

As such, the tech giant is introducing Password Checkup, a Google Chrome browser extension. The company says Password Checkup applies to password protection “beyond just Google apps and sites.”


It works like this: if Google detects that a username and password on a site you use is one of over 4 billion credentials that Google knows are compromised, the extension will warn you and suggest that you change your password.

Installation is simple. First, install the Password Checkup extension on your Chrome browser by going to the extension installation page. Then a green Password Checkup icon will appear, typically in the upper right-hand corner of the browser.

After the extension is installed, you will begin to automatically get alerts if there is a compromised password.

To check manually, go to a site that's password protected, then click on the green Password Checkup icon, if your password hasn’t been compromised on the site, you will see this message: “None of your recently used passwords were detected in a data breach.”

Google has also added what it calls Cross Account Protection when an attacker gains access to your Google Account.

This applies to apps and sites that you sign into with Google Sign In, a method of signing into various apps and sites with your Google username and password, a method that is extremely common. (You can also do this with your Facebook account, for example.)

On these sites and apps, Google is able to send information about security events, such as an account hijacking, so those apps and sites can protect you.

If someone signs into an app or website with their Gmail address and password and their account has been breached, Google will make sure their privacy is protected in the process. The company will only share the fact that the security event happened. In the event something does happen, Google will notify the app or website.

And the same privacy protection applies to Password Checkup so that no one, including Google, can learn your account details.


“To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University,” Google said.