Google has now integrated its Password Checkup Tool into its Chrome browser. The tool has been available for a while, but it will now become a common part of the Chrome browsing experience. So is this good or bad?
As with most tech changes, it has both its positive and negative aspects. Some users may find that this tool protects them from being hacked but, for others, it may be nothing more than a nuisance. So what exactly can you expect of this tool?
First of all, this tool shouldn’t be confused with the password manager which all browsers have. This is the process used to store passwords for certain sites so that you don’t have to remember them each time you sign in. For the most part, such storage is safe and protected. To use the password manager for Google, you must use two-factor authentication (2fa). This means you will need a cell phone to get an SMS message in order to work with managing your passwords, If not, you will need another email account linked to your Google account. Of course, you can always type in your password, if you remember it.
Basically, the Password Checkup Tool will tell you if your password has been exposed in a breach, if you have reused it on other sites, or if it is weak. Even if you don’t use the Chrome browser and have a Google account, (which you have if you use Gmail) you can use the Password Checkup Tool. It is built into the Password Manager (passwords.google.com) as seen below.
To use it, you will need your cell phone or other means of 2fa.
Eventually, you will reach a page that shows all the passwords connected to your Google account and a report on how safe they are. Here, for example, is the analysis of my account.
True, I did have an old account which I never use that did have a poor password. The password checker gave me the option of changing it for that account, but I didn’t need the Chrome browser to do this.
You may well ask how Google knows whether I have compromised passwords. They apparently maintain a database of data dumps that include usernames and passwords. If they, or their automated algorithms, find that one of their customer’s accounts has been compromised, they will notify that person to change their password. They can also determine if a user is using the same, or a similar, password on multiple websites, if they have been stored in the browser. Again, you don’t need to use Chrome to get this information. You could also use independent sites like ‘have I been pwned’ to check on whether anyone has leaked your usernames and passwords. You don’t need a Google account to do this.
So what benefits are there for having the Password Checkup Tool automatically integrated into your browser? Well, first of all, if you are a dedicated user of Chrome, you would have more saved passwords in it that could be checked. Every time you log into a website, the tool will check your password to see if it has been hacked or if you have reused it elsewhere. It will also analyze the password to see if it is strong enough.
Some users may not care if a password is too simple because they may not use the site much and may not care if the password is compromised. In this case, they may be tired of being warned every time they access the site. Google does give users the option to ignore warnings for specific sites and there is also the option to turn off the tool completely. Google apparently realizes that some people may find these warnings more of a nuisance than a help.
Expect many users to be confused by the new messages that appear. Many will ask, and have been asking, if these messages are legitimate or if they are being hacked. Here’s how the new messages will look.
However, the fact remains that the Password Checkup Tool will give more opportunities to hackers to spoof these messages. This is more likely to happen after users get used to seeing them and become less suspicious.
Overall, the Password Checkup Tool is valuable to users who aren’t especially savvy with respect to cybersecurity. In the end, all Google can really do is warn users of problems. No doubt, the internet would be safer if Google required a password change. They could remove any account that refused to comply. But Google, after all, is a business and they couldn’t risk losing customers in this way. For the time being, it will still be up to the users whether to take the Password Checkup Tool’s advice or not. But, let’s face it. Many users will just shrug off such warnings and, probably, disable the tool if these warnings become too much of an annoyance.
In short, Google has taken a step in the right direction and made the internet a little safer place. The problem is that Chrome is the most popular browser and, as such, is always a target for hackers. It’s one of the reasons why some people concerned with cybersecurity choose to use lesser known browsers. For those who don’t use Chrome yet have a Google account, you can get a deeper look into your account’s security here. It’s worth a look.