Is Google doing enough to protect our data? Or is it the other way around?
What more can Google do to safeguard our internet use? Or are we too complacent? Chrome's Password Checkup extension can help some, but the onus is still upon you.
In a highly connected world where people often re-use their usernames, passwords and credit card information across different websites, apps, software programs, games and emails, is it too late to wonder why there is a constant concern about how protected our data is? In fact, this becomes even more poignant when we’re keying the same set of credentials into our mobile devices on a daily basis.
According to a research paper titled ‘Protecting Accounts from Credential Stuffing with Password Breach Alerting’, credential stuffing attacks are hard to protect against due to an asymmetry of knowledge: attackers have wide-scale access to billions of stolen usernames and passwords, while users and identity providers are clueless as to which ones are suspect.
The paper sought to create a privacy-preserving protocol whereby a client can query a centralized breach repository to check if a specific username and password combination is publicly exposed, but without revealing the information being queried. The client can be an end-user, a password admin manager or an identity provider. The researchers implemented a cloud service hosting access to over 4 billion credentials found in breaches, with a Google Chrome extension as the initial client. The extension, called Password Checkup, can be downloaded for your Chrome browser here.
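A simplified sketch of this kind of blinded lookup, added here as an illustration and not taken from the paper or from Google's code. It assumes SHA-256, a 2-byte bucket prefix and exponentiation modulo the prime 2^255 - 19 as stand-in primitives with toy parameters; all names and sample credentials are constructed.

```python
import hashlib, math, secrets

P = 2**255 - 19      # prime modulus; toy-sized stand-in group (assumption)
ORDER = P - 1        # order of the multiplicative group mod P
PREFIX_LEN = 2       # hash bytes revealed to select a bucket (assumption)
# Constructed sample breach data, for illustration only.
SAMPLE_LEAK = [("alice@example.com", "hunter2"), ("bob@example.com", "letmein")]

def digest(username: str, password: str) -> bytes:
    # Length-prefix the username so ("ab", "c") and ("a", "bc") hash differently.
    data = f"{len(username)}:{username}{password}".encode()
    return hashlib.sha256(data).digest()

def to_group(d: bytes) -> int:
    return int.from_bytes(d, "big") % (P - 3) + 2   # element in [2, P-2]

def new_key() -> int:
    # The exponent must be invertible mod ORDER so blinding can be undone.
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

class BreachServer:
    def __init__(self, leaked):
        self.key = new_key()
        self.buckets = {}
        for user, pw in leaked:
            d = digest(user, pw)
            blinded = pow(to_group(d), self.key, P)
            self.buckets.setdefault(d[:PREFIX_LEN], set()).add(blinded)

    def query(self, prefix: bytes, blinded: int):
        # The server sees only a short prefix and a client-blinded value.
        return pow(blinded, self.key, P), self.buckets.get(prefix, set())

def is_breached(server: BreachServer, username: str, password: str) -> bool:
    d = digest(username, password)
    a = new_key()                                   # fresh key per lookup
    sent = pow(to_group(d), a, P)
    double_blinded, bucket = server.query(d[:PREFIX_LEN], sent)
    # Strip the client's key: (h^(a*b))^(1/a) = h^b, comparable with the bucket.
    return pow(double_blinded, pow(a, -1, ORDER), P) in bucket

if __name__ == "__main__":
    server = BreachServer(SAMPLE_LEAK)
    print(is_breached(server, "alice@example.com", "hunter2"))
    print(is_breached(server, "alice@example.com", "correct horse"))
```

The server learns only the prefix and a value blinded under a key it never sees, while the client receives bucket entries blinded under the server's key and so cannot read the other credentials in the bucket.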
Using anonymous telemetry from nearly 670,000 users and 21 million logins, the researchers found 1.5% of logins on the web included breached credentials. When the extension raised an alert to the user, 26% of warnings resulted in users migrating to a new password.
In mid-August, Google released two new features for the Password Checkup extension. The first was a direct feedback mechanism where users can inform the research team about issues they face via a quick comment box. The second feature gives users more control over their data. They can opt out of the anonymous telemetry which the extension reports, including the number of lookups, alerts for password changes and so on.
While this adds an additional layer of checks on the part of the user or password admin manager, it illustrates one of the many task-oriented security layers that will become commonplace as this trend continues. At least, if you’re a Chrome user, the task seems slightly easier.
For Pixel devices and other Android 7+ devices, Google services can now verify your identity by using your fingerprint or screen lock instead of a password.
Meanwhile, you can read more about some of their findings here:
- https://security.googleblog.com/2019/08/new-research-lessons-from-password.html
- https://security.googleblog.com/2019/08/making-authentication-even-easier-with_12.html