What's New at IDMI.Net

Our Blog

Google and the Future of Password Security

Google and the Future of Password Security

Since the end of last year, Google has been working hard to protect users’ sensitive data from malicious actors and websites. The company’s Chrome browser—used by billions worldwide—sports two relatively new features that provide a significant level of security for stored passwords. The first, which is an evolution of the Password Checkup feature, warns users when their login credentials have been compromised in a data breach. The second new feature—also an expansion of an existing security measure—offers a similar warning when users attempt to enter stored passwords on websites known or suspected to be fronts for phishing. Together, they form a strong new layer of protection for billions of devices and their respective owners.

Google’s Password Checkup feature was initially introduced as a Chrome extension in early 2019, then integrated into the browser’s native feature set later in the year. Previous iterations of Password Checkup allowed users to scan their stored credentials for potential involvement in data breaches, but it required them to have Chrome’s Sync feature enabled and proactively initiate scans. The updated version still requires users to enable Sync, but now, as noted, Chrome will display a warning whenever users entered stored credentials that have been compromised and prompt them to run a full scan with Password Checkup. By simply making the browser behave proactively instead of requiring it of users, Google is making Chrome users much safer. 

The second feature to see a useful overhaul is Google’s predictive phishing protection. The tool previously warned Chrome users when they entered their Google Account password on a phishing website, but it required that Sync be enabled to do so. With the update, Google has removed the Sync requirement and expanded the tool to work for all stored passwords. In short, Chrome will now proactively help users avoid surrendering any of their login credentials to scammers and other malicious actors.

Taken together, these two measures could establish a new gold standard for browser-based security measures. It’s hard to imagine that the minds behind other browsers won’t put their own versions of these systems in place, especially so with many of them fighting to stay in competition with Google. For individual users, the end results are nothing but a net positive.

View All Posts