Passwords can become easy to predict and guess
if people continually use the same over and over again. And that is problematic
because if cybercriminals obtain one for a specific website, they could use the
same for, say, the banking account associated with that service or company. One
compromised password may mean the worst possible outcome for a person or an
To lower the associated risk of having a password, Internet giant Google has created a useful tool that will help users be aware of the fact that they are visiting a compromised website. The resource can also warn people when they have suffered security breaches themselves.
The announcement by Google came on Wednesday,
together with a tool that lets users audit their passwords, with the intention
of determining whether they have been exposed to cybercriminals.
The tool is based on the Google Chrome web
browser, and Google created it by running a macro scan over the open web to
search for exposed passphrases. In addition, the global Internet giant got help
from security companies that perform surveillance over the dark web. There,
cybercriminals often sell passwords to the highest bidder, that they got in
bulk from their shady acts at firms such as Marriot, Dunkin’ Donuts, or
similarly high-profile entities.
Services and pages like haveibeenpwned.com can
help people determine whether they have been victims of security breaches by
entering their email address, but Google’s solution is sure to reach a
significantly higher number of people, which will raise the problem to people’s
Thanks to Google’s new tool, users will now that they need to proceed with caution when they enter a site and receive a message warning them that the specific page has been targeted by hackers . People’s information may be at risk, but if they receive the notice, they will think twice at the moment of sharing personal information, and they may adopt safety measures towards their own passwords.
However, nothing is perfect in life, and the
new tool is not automatic per se. It requires action by users, in the form of
going to Google’s Password Management page and activates the sync feature. This
will allow the service to store all passwords and let the user know if they
have been targeted or compromised in a security breach.
The thing is that, for users, putting all
their passwords on the same site, especially one known for its own
privacy-invasive practices, maybe a little scary. The sync feature, therefore,
is the equivalent of putting all the eggs in a single basket, and that means if
hackers or a Google worker with bad intentions gains a hold on every password a
person has, it could lead to trouble.
In that sense, a security specialist at Google
named Mark Risher stated that the risk of that scenario taking place is
minimal. He told Fortune that instead of the previously explained metaphor, the
one that would fit best with the situation is “putting one fund and
resources into a bank.”
He said that people should put all their eggs
in the safest possible place, which would be a bank. He also stated that Google
is the most “security-minded” firm around the web, and it implements
thorough and carefully-deployed systems to make sure people’s passwords are
protected at all times, even from insiders.
People with desires to use the security audit tool need to go to the Password Manager site, and they will see all their passwords in a “check-up.” The tool will reveal which ones have been breached or exposed , and it will also tell the user which ones have been reused. The resource will also identify those that are extremely easy to guess.
Risher also said that, according to a recent
study, almost one quarter (24 percent) of people in the United States implement
one of the notoriously easy to guess passwords identified in a list of ten. A
couple of examples are “123456” or the word “password.”
Roughly 33 percent use their birthday or children’s names.
Reused passwords are becoming increasingly
dangerous because cybercriminals are now armed with all kinds of resources to
exploit them with ease.