Google Says Too Many Stubborn People Are Using Compromised Passwords In Chrome

Security-conscious Chrome users will want to download the Password Checkup extension to have it check over their passwords. The extension has reportedly found that 1.5% of all website logins are using compromised credentials. The figure is even higher for porn websites. The extension launched earlier this year, and after months of checking on security, Google is now sharing data.


The extension is designed to warn users if they are using passwords and user names that have already been compromised and are publicly available. Those publicly available user names and passwords are among data that has been leaked in major hacks and other security breaches.

With the extension installed, as you travel around the web and are recognized to be using compromised credentials, the extension warns you and prompts you to change those credentials. The extension was built with the help of cryptology experts at Stanford University to ensure that Google never knows your username and password. The data that Google has released concerning the number of compromised passwords out there was gleaned from the extension's records.

Google has stated that since the extension launched in February, 650,000 people have participated in the experiment. During the first month, the extension was available, it scanned 21 million usernames and passwords, and flagged over 316,000 of those as unsafe. The study also found that users ignored 81,368, over 25%, of the breach warnings the extension handed out.

The researchers figure that the reason so many people ignore warnings could be that they didn't think it was worth their time, they were confused by the warnings, or weren't fully in charge of the account. Video streaming and porn sites were the most likely to be hacked with between 3.6 and 6.3% of logins breached. Financial and government sites were the safest, with only 0.2-0.3% of those impacted.