![](\"https:\/\/images.idgesg.net\/images\/article\/2018\/07\/chrome_browser_logos_by_gerd_altmann_cc0_via_pixabay_1200x800-100765584-large.3x2.jpg\"\/)
<\/p>\n
Credit to Author: Gregg Keizer| Date: Fri, 04 Oct 2019 04:06:00 -0700<\/strong><\/p>\n Google has launched a web-based hacked-password checker, part of its efforts to bake an alert system into Chrome.<\/p>\n Called “Password Checker,” the service examines the username-password combinations stored in Chrome’s own password manager and reports back on those authentication pairings that have been exposed in publicly-known data breaches.<\/p>\n The web version can be found at passwords.google.com<\/i><<\/a>>, the umbrella site for Chrome users who run the browser after logging in with their Google account, then use that to synchronize data – including passwords – between copies of Chrome on different devices.<\/p>\n After requesting a password checkup, Google returns the results to Chrome, organized in lists of accounts relying on already-compromised username-password pairs, accounts for which the user has reused a password (something usually frowned on by security experts) and accounts that rely on weak passwords.<\/p>\n At the moment, there’s nothing built into Chrome, at least the most polished, Stable build; only the external web-based dashboard has been launched.<\/p>\n But as Google said last month when it released Chrome 77, it plans to bake a hacked-password alert system into the browser. Details then were absent, although the intent was clear: Chrome would have something similar to what Mozilla will premiere in three weeks when the open-source developer ships the next Firefox.<\/p>\n Currently, the Windows version of Chrome 78 Beta – the build that leads to Stable – as well as the less-reliable Chrome 79 Canary on both Windows and macOS, sports the new password checking system. For now, it has been hidden behind a setting on a semi-secret options screen.<\/p>\n To switch it on, type chrome:\/\/flags<\/i> in the address bar; press Return or Enter; type passwords<\/i> in the search field; locate the Password Leak Detection<\/i> item; and to the right of that, select Enabled<\/i> from the drop-down list. Finally, relaunch Chrome.<\/p>\n To verify that the alert system is active, choose Settings<\/i> from the main menu (under the vertical ellipsis at the right); select Passwords<\/i> under Autofill<\/i>; and look for the Check password safety<\/i> item. The toggle to the right should be in the on position.<\/p>\n When the user enters a username + password that have been exposed by a breach, Chrome should pop up a warning that the password has been leaked and needs to be changed. In Computerworld<\/i>‘s trials, however, the alert did not always work: One website whose password had been reported in a breach did not display the alert, while several other sites – some of them using the same username + password pair – did result in an on-screen warning.<\/p>\n When it does appear, the alert contains a Check passwords<\/i> button. Press that and the browser opens the online password checkup now in operation.<\/p>\n Last month, Google said it planned to include the hacked-password warning in Chrome 78, then – and now – slated to ship Oct. 22.<\/p>\n (Coincidentally, that’s the same day Firefox is to launch its<\/i> alert system. More on that in a bit.)<\/p>\n But on Tuesday, in one of several Chromium bug reports<\/a> devoted to the password warning development, the feature was described as “launching in M79 for all the platforms.” M79<\/i> refers to Chrome 79, the year’s last upgrade, set to release Dec. 10.<\/p>\n The current Chrome Beta build will warn the user when he or she enters a username + password combination that’s been identified as among those revealed by a data breach. The feature is slated to ship with Chrome 79, due to launch Dec. 10.<\/p>\n If Mozilla stays with its plan, Firefox will have a hacked-password alert system of its own before that.<\/p>\n Firefox 70, scheduled to release Oct. 22, will integrate two formerly separate functions<\/a> – Firefox Monitor, a password alert service, and the Lockwise password manager – that will complete a swath of tasks, including identifying victimized accounts and guiding users through changes to leaked passwords.<\/p>\n Firefox Monitor, which Mozilla introduced in November 2018<\/a>, relies on a partnership with the Have I Been Pwned?<\/i><\/a> site and service.<\/p>\n The source of Google’s leak information is unclear, but it would be less likely than, say, Mozilla, to rely on outside help.<\/p>\n Not surprisingly given Google’s emphasis on enterprise management of late, a group policy – PasswordLeakDetectionEnabled<\/i> will be available at launch for IT administrators. Details of the policy’s settings can be found here<\/a>.<\/p>\n