Google research says thousands are using passwords that have been hacked

Ruben Fields
August 19, 2019

The defense against password spraying is also simple: Use a strong, hard-to-guess password for each and every online account.

In February, Google released its Password Checkup extension to keep online accounts safe from hacking. A new Google study shows that users are still not changing their passwords even when they are told the account the password is used for has been compromised.

"According to the Chromium Bug Tracker, Google is looking to change things by integrating Password Checkup's leak detection directly into Chrome". Google found that 25.7% of its alerts, totaling 81,368, did not trigger a password change from users. However, things are not as easy as they sound when it comes this browser extension as users wanting to use it have to install the extension and then opt-in. These are the most vulnerable passwords.

The eggheads from Google and Stanford found that users of the Password Checkup extension reused hacked credentials across more than 746,000 domains. In the one month period after its launch, the extension had been installed on nearly 670,000 machines - and around 1.5 percent of the logins monitored were found to have been disclosed in prior breaches.

Derwin James Out Indefinitely with Foot Injury
The Chargers revealed that wide receiver Keenan Allen is also slated to miss the rest of the preseason with an ankle injury . The Chargers already are playing without running back Melvin Gordon, who is holding out of camp in a contract dispute.

The full paper, Protecting Accounts from Credential Stuffing with Password Breach Alerting, can be found on Google's AI research site.

Out of that number, a quarter (25 per cent) chose to ignore the warning. Google posited that perhaps users reused passwords on sites or accounts they didn't view as important enough to go through the effort of resetting a password. Of the 1,684,851 visits to financial sites, 0.3% received warnings and 18.6% were ignored.

The risk, as per Google, was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites. "In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe-1.5% of sign-ins scanned by the extension", Google said in a report. About 71% of users who installed the extension used Windows, 14% used MacOS, 13% ChromeOS, and 2% Linux.

But, the extension works quite well, which is why Google has decided to make its "password checkup" leak detection extension a default feature of Google Chrome, as reported by 9To5 Google. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER