Google is introducing two new updates that will help keep your data secure: Password Checkup, a Chrome extension that helps protect your accounts from third party data breaches, and a new feature called Cross Account Protection.
We help keep your Google Account safe by proactively detecting and responding to security threats. For example, we already automatically reset the password on your Google Account if it may have been exposed in a third party data breach—a security measure that reduces the risk of your account getting hacked by a factor of ten.
But we want to provide you with the same data breach protections for your accounts, beyond just Google apps and sites. This is where the new Password Checkup Chrome extension can help.
The Password Checkup Chrome extension checks whether a username and password on a site you use is one of over 4 billion credentials that Google knows have been compromised. In case your password has been compromised, the extension will trigger an automatic warning and suggest that you change it.
Google says that the extension has been built so that no one, including Google, can learn your account details. To do this, Google developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University.
In the case that an attacker is able to find a way into your Google Account, Google has built tools to help you quickly get back to safety. But these protections haven’t extended to the apps that you sign into with Google Sign In. Cross Account Protection helps address this challenge. When apps and sites have implemented it, Google is able to send information about security events—like an account hijacking, for instance—to them so they can protect you, too.
The company urged to clarify that the the security events are limited to protect your privacy. The company says that it only shares:
the fact that the security event happened;
basic information about the event, like whether your account was hijacked, or if we forced you to log back in because of suspicious activity;
information with apps where you have logged in with Google.
Cross Account Protection was created by Google, in cooperation with technology companies like Adobe, and the standards community at the Internet Engineering Task Force (IETF) and OpenID Foundation.