by Martin Brinkmann on August 22, 2019 in Google Chrome – 1 comment
Google’s Chrome web browser supports password saving and management options just like any other modern web browser. The browser offers to save passwords by default when it recognizes that a user enters login data on sites to improve the next sign-in by filling out the username and password fields automatically.
Passwords can be managed in Chrome, and there is even an option to manage passwords remotely. Google published a Password Checkup extension in 2019 for Chrome that checks the hashes of passwords that users enter in Chrome against a database of leaked passwords.
Password databases that are dumped or stolen may leak on the Internet and become public knowledge. Google is not the first company to use the data for checks; you may use services to find out if your email address leaked or if passwords are known.
Some password managers, KeePass being my favorite, support options to check passwords locally, and Mozilla launched Firefox Monitor recently in Firefox and plans to extend the functionality further.
The most recent version of Google Chrome Canary includes a new experimental flag that unlocks native password checking functionality. Instead of having to install the extension that Google created to check the password hashes, Chrome users who enable it get direct information whenever they enter a password on the Web.
Since it is an experimental feature it is necessary to enable it first. Note that you need the most recent version of Chrome Canary, the cutting edge development version of Chrome for that.
Experimental features do land in other versions of Chrome usually. Sometimes, they are integrated natively at one point in time so that it is no longer necessary to enable these features manually first. These features may be removed as well, there is no guarantee that they become available to Stable users of the browser.
Here is what you need to do to enable the feature:
- Load chrome://flags in the browser’s address bar.
- Search for Password Leak Detection.
- Change the status from Default to Enabled.
- Restart Chrome
The leak detection is active after the restart. Chrome checks the hash of the password against a database of hashes that Google maintains. It displays a notification to the user if the hash is found in the database; this is a strong indicator that the password is not safe to use. Chrome users should change the password immediately to protect the account.
Closing Words
Web browsers are a natural fit for password safety checks and the integration of monitoring systems makes a lot of sense. Some users may dislike that the browsers send password hashes to servers on the Internet for verification; Firefox Monitor and Password Leak Detection are optional features at this point in time.
I prefer to store passwords in KeePass and not in the browser, but that is just my personal preference.
Now You: What is your take on these new password leak checks that browser makers integrate in their browsers? (via Techdows)