Data breaches that compromise people's usernames and passwords have become so common, and used in crime for so long, that millions of stolen credential pairs have actually become practically worthless to criminals, circulating online for free. And that doesn't even begin to scratch the surface of the more current credentials sold on the black market. All of this means that it's increasingly difficult to keep track of which of your passwords you need to change. So Google has devised a Chrome extension to watch your back.
On Tuesday, the company is announcing "Password Checkup," which runs in Chrome all the time as you go about your daily web browsing, and checks passwords you enter on all sites against a database of known compromised passwords. Password Checkup isn't a password manager, a gauge of how weak or strong your passwords are, or a source of advice. It just sits quietly until it detects a credential pair that is known to be exposed, and then it shows a warning. That's it.
The tool is unobtrusive by design, so you'll actually pay attention to it when it notices genuine risks. If you've been feeling overwhelmed by all the news of data breaches and cybercrime over the past few years, Password Checkup is meant as an easy way to take back some control.
Watchdog
Google accounts tend to be particularly sensitive, because they are often the key to a person's email address. So the company has already been grappling with notifying users when their Google credentials are compromised—not because Google was hacked but because people reuse passwords on multiple sites.
Google relies on a database of compromised credentials that totals about four billion unique usernames and passwords, gathered from troves its security teams access online as they go about their larger threat detection research for the company. Google says it hasn't ever bought stolen credentials, and that it doesn't currently collaborate with other security-minded aggregators like Have I Been Pwned, a service maintained by the security researcher Troy Hunt. The company does accept donations of stolen credentials from researchers, though.
The company has already uses that stash to force Google users to abandon exposed passwords. And other Google divisions, like Nest, are working on features to prevent exposed password reuse, because of problems with account takeovers.
"We've reset something like 110 million passwords on Google accounts because of massive breaches and other data exposures," says Elie Bursztein, who leads the anti-abuse research team at Google. "The idea is, can we have a way to do it everywhere? It works in the background and then after 10 seconds you may get a warning that says 'hey, this is part of a data breach, you should consider changing your password'. We want it to be 100 percent if we show it to you you have to change it."
Google's database is always growing, but appears to have some holes. When I tested Password Checkup with a login that I know has been compromised in breaches (so I have one account I haven't updated yet, what are you gonna do) it didn't flag it.
Bursztein and Kurt Thomas, a Google security and anti-abuse research scientist note that they've skewed toward zero false positives so they aren't accidentally giving users warnings based on similar, but slightly different passwords or the same password that was compromised for a different person, but not you. And they emphasize that while the company is releasing Password Checkup as a regular Chrome extension for people to start using, it's still an experiment and isn't necessarily finalized.
Check Mate
The researchers are anticipating controversy—or "a conversation" as they often call it— about a crucial question that you may have by now, too: If Password Checkup is running quietly on Chrome all the time with the express goal of monitoring your login credentials, isn't Google going to end up with a terrifying trove of all your passwords? And if so, couldn't attackers find a way to compromise Password Checkup to grab tons of current credentials, track you, or infiltrate Google's database of stolen data?
"There are four threats we had to think about when designing the system," Thomas says. "The first is that Google never learns your username and password in the process. Another one is we don’t want to tell you about anyone else’s usernames and passwords that don’t belong to you. And we need to prevent somebody from brute forcing the system. We don’t want you to start guessing random usernames and passwords. And the last is we don’t want any sort of trackable identifier for the user that would reveal any information."
>
It wouldn't be feasible on multiple levels for Google to check the credentials without any data leaving the user's device at all. Instead, the company collaborated with cryptographers at Stanford University to devise layers of encryption and hashing—protective data scrambling—that combine to protect the data as it traverses the internet. First of all, the entire database is scrambled with a hashing function called Argon 2, a robust, well-regarded scheme, as a deterrent against an attacker compromising the database or attempting to pull credentials out of the Chrome extension.
Rather than have you download the entire database, the researchers devised a scheme for downloading a smaller subset, or partition, of the data without revealing too much about your specific username and password. When you log into a site, Password Checkup generates a hash of your username and password on your device, and then sends a snippet of it to Google. The system then uses this prefix to create the smaller subset of breached username and password data to download onto your device. "This provides a strong anonymity set where there’s basically hundreds of thousands of usernames and passwords that would fall into that prefix, but we have no idea which they are," Thomas says. "When you sign in you send that little prefix to Google and we give you every account that we know to download."
To index into your subset of the database, your device signs your encrypted username and password with a key only it knows and sends it to Google. Next the company signs it with its own secret key, then sends it back to your device, which decrypts it with its key. After this handshake is complete, the data is finally in the right state of encryption and hashing to do a compatible local lookup on your device against the portion of the database you've downloaded. The idea is that everything is encrypted all the time to make the data as indecipherable and useless to a potential attacker—or Google itself—as possible at every phase.
Details Matter
Google plans to release an academic paper about the tool with Stanford researchers that details its underlying protocols and cryptographic principles for public vetting.
When asked about the idea of a browser extension that attempts to monitor passwords in a cryptographically secure and private way, Johns Hopkins cryptographer Matthew Green said, "It's possible. It could be done securely, I think. I think. But details matter." Green notes that such a scheme would need to be executed essentially perfectly and would have a number of crucial areas where it could fall short. "If a lot of people will be using it—it's a little scary, frankly," he says. And in general, you should only install browser extensions from companies you trust.
With such a desperate need for easily understandable breach information and advice, a lot of people very easily could start using Password Checkup quickly. So it will be incumbent upon Google to actually continue improving the extension's security based on community feedback—both from users and cryptographers.