Google’s new Chrome extension warns you about stolen passwords

Google's new Password Checkup extension is intended to prevent old hacks from haunting people.
The Password Checkup lets you know if the username and password you’re using have been nabbed by hackers in the past.

Google is releasing a new Chrome extension that could make account takeovers harder for hackers.

The Password Checkup tool, which the tech giant released on Tuesday, warns you if the username and password that you’re using were stolen in any data breaches. It then prompts you to change them if they were.

Even data breaches from more than a decade ago can still hurt victims if they haven’t changed their passwords. Consider this: A collection of 2.2 billion stolen credentials, dating as far back as 2008, continues to float around in hacker forums. Cybercriminals count on you being lazy.

For context, hackers could take over 2.2 million accounts if just one-tenth of 1 percent of the passwords in that massive leak haven’t been updated.

Google’s own database of collected credentials from public breaches contains over 4 billion usernames and passwords, said Kurt Thomas, a research scientist at Google.

The company has used that database for the last five years to protect Google users who could be affected by third-party breaches. More than 110 million accounts were kept safe through this measure, Thomas said.

“Without this safety measure, you’re about 10 times more likely to fall victim to an account takeover,” he said.