Google research says thousands are using passwords that have been hacked

Ruben Fields
August 19, 2019

The defense against password spraying is also simple: Use a strong, hard-to-guess password for each and every online account.

In February, Google released its Password Checkup extension to keep online accounts safe from hacking. A new Google study shows that users are still not changing their passwords even when they are told the account the password is used for has been compromised.

"According to the Chromium Bug Tracker, Google is looking to change things by integrating Password Checkup's leak detection directly into Chrome." Google found that 25.7% of its alerts, totaling 81,368, did not trigger a password change from users. However, things are not as easy as they sound when it comes to this browser extension, as users wanting to use it have to install the extension and then opt in. These are the most vulnerable passwords.

The eggheads from Google and Stanford found that users of the Password Checkup extension reused hacked credentials across more than 746,000 domains. In the one-month period after its launch, the extension had been installed on nearly 670,000 machines - and around 1.5 percent of the logins monitored were found to have been disclosed in prior breaches.

The full paper, Protecting Accounts from Credential Stuffing with Password Breach Alerting, can be found on Google's AI research site.

Out of that number, a quarter (25 per cent) chose to ignore the warning. Google posited that perhaps users reused passwords on sites or accounts they didn't view as important enough to go through the effort of resetting a password. Of the 1,684,851 visits to financial sites, 0.3% received warnings and 18.6% were ignored.

The risk, as per Google, was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites. "In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe - 1.5% of sign-ins scanned by the extension," Google said in a report. About 71% of users who installed the extension used Windows, 14% used macOS, 13% ChromeOS, and 2% Linux.

But the extension works quite well, which is why Google has decided to make its "password checkup" leak detection extension a default feature of Google Chrome, as reported by 9to5Google. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box.
