
Google's new Chrome feature warns about compromised logins

08 Feb 2019

This week Google released new measures in a bid to provide better security for its users’ data.

Announced in a blog post, the global giant asserts they’re always striving to ensure all data is secure, whether its users are consuming Google products or checking out their favourite websites and apps.

Its two latest updates designed to keep data secure are Password Checkup and Cross Account Protection.

Beginning with the former, Password Checkup is a Chrome extension that works to protect accounts from third-party data breaches by proactively detecting and responding to security threats.

The company already automatically resets the password on Google Accounts if it detects they may have been compromised in a third-party data breach (a measure the company asserts reduces the risk of an account being hacked by a factor of 10), but this feature operates a little differently.

With the Password Checkup Chrome extension, Google can detect if a username and password combination on a site you use is one of over 4 billion credentials it knows have been exposed. It will then trigger an automatic warning and suggest that you change your password.

Of course, there is the issue then of where Google stores all this information, but the company says it has it covered.

“We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University,” the blog reads.

“This is our first version of the Password Checkup, and we’ll be refining in the coming months. You can take advantage of these new protections right away by installing the extension.”

And now for Cross Account Protection. In a worst-case scenario where a hacker has been able to find their way into a Google Account, the company has a number of tools designed to get users back to safety. However, these protection methods haven’t extended to the apps that users sign in to with Google Sign-In.

“Cross Account Protection helps address this challenge. When apps and sites have implemented it, we’re able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too.”

And again to protect user privacy, Google has designed the security events to be extremely limited, sharing only:

  • The fact that the security event happened

  • Basic information about the event like whether a user’s account was hijacked or Google forced a user to log back in because of suspicious activity

  • Information is shared only with apps where users have logged in with Google

“We created Cross Account Protection by working closely with other major technology companies, like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation to make this easy for all apps to implement,” the blog post reads.

“With technologies like Password Checkup and Cross Account Protection, we're continuing to improve the security of our users across the internet, not just on Google. We'll never stop improving our defenses to keep you safe online.”

Of course, there are already a number of freely available services on the internet similar to Google's Password Checkup, like Have I Been Pwned, the Identity Leak Checker and Firefox Monitor, that offer to check whether your credentials or other personal details have been compromised in one of the numerous breaches that occur every year.
