Posted on October 3, 2019 at 6:22 AM
Passwords become easy to predict and guess when people reuse the same one over and over again. That is a problem because if cybercriminals obtain the password for one website, they can try it on, say, the bank account associated with that service or company. One compromised password may mean the worst possible outcome for a person or an entity.
To lower the risk that comes with using passwords, Internet giant Google has created a tool that tells users when they are visiting a compromised website. The resource can also warn people when they have suffered security breaches themselves.
Google made the announcement on Wednesday, together with a tool that lets users audit their passwords to determine whether they have been exposed to cybercriminals.
Scanning the Open Web
The tool is based on the Google Chrome web browser, and Google created it by running a macro scan over the open web to search for exposed passphrases. In addition, the global Internet giant got help from security companies that monitor the dark web. There, cybercriminals often sell to the highest bidder the passwords they obtained in bulk from breaches at firms such as Marriott, Dunkin’ Donuts, or similarly high-profile entities.
Services and pages like haveibeenpwned.com can help people determine whether they have been victims of security breaches by entering their email address, but Google’s solution is sure to reach a significantly higher number of people, which will bring the problem to their attention.
Thanks to Google’s new tool, users will know that they need to proceed with caution when they enter a site and receive a message warning them that the specific page has been targeted by hackers. People’s information may be at risk, but if they receive the notice, they will think twice before sharing personal information, and they may adopt safety measures for their own passwords.
However, nothing is perfect in life, and the new tool is not automatic per se. It requires action by users: going to Google’s Password Management page and activating the sync feature. This allows the service to store all passwords and let the user know if they have been targeted or compromised in a security breach.
Putting All the Eggs In a Single Basket
The thing is that, for users, putting all their passwords on the same site, especially one known for its own privacy-invasive practices, may be a little scary. The sync feature, therefore, is the equivalent of putting all the eggs in a single basket: if hackers or a Google worker with bad intentions gets hold of every password a person has, it could lead to trouble.
In that sense, a security specialist at Google named Mark Risher stated that the risk of that scenario taking place is minimal. He told Fortune that instead of the previously explained metaphor, the one that would fit best with the situation is “putting one fund and resources into a bank.”
He said that people should put all their eggs in the safest possible place, which would be a bank. He also stated that Google is the most “security-minded” firm around the web, and that it implements thorough and carefully deployed systems to make sure people’s passwords are protected at all times, even from insiders.
A Password Check-up
People who want to use the security audit tool need to go to the Password Manager site, where they will see all their passwords in a “check-up.” The tool will reveal which ones have been breached or exposed, and it will also tell the user which ones have been reused. The resource will also identify those that are extremely easy to guess.
Risher also said that, according to a recent study, almost one quarter (24 percent) of people in the United States use one of the notoriously easy-to-guess passwords identified in a list of ten. A couple of examples are “123456” or the word “password.” Roughly 33 percent use their birthday or children’s names.
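The three check-up categories described above (breached, reused, easy to guess) can be reproduced locally, as an added example that is not Google's code or part of the original article. The vault entries, the breach corpus, the site names and the function names are constructed assumptions, and the birthday check only covers 8-digit dates.

```python
import hashlib
import hmac
import os
import re
from collections import defaultdict

# Constructed sample data (assumptions, not real credentials or breach data).
COMMON = {"123456", "password"}  # the two examples the article names
BREACHED_SHA1 = {hashlib.sha1(p).hexdigest() for p in (b"123456", b"hunter2")}
SAMPLE_VAULT = [("mail.example", "123456"), ("shop.example", "hunter2"),
                ("forum.example", "hunter2"), ("bank.example", "03101985"),
                ("vpn.example", "correct-horse-battery-staple")]

def looks_like_date(pw):
    """True for 8-digit strings that parse as YYYYMMDD, DDMMYYYY or MMDDYYYY."""
    digits = re.sub(r"[-/. ]", "", pw)
    if not re.fullmatch(r"\d{8}", digits):
        return False
    for year, a, b in ((digits[:4], digits[4:6], digits[6:]),
                       (digits[4:], digits[:2], digits[2:4])):
        a, b = int(a), int(b)
        if 1900 <= int(year) <= 2099 and (
                (1 <= a <= 12 and 1 <= b <= 31) or (1 <= b <= 12 and 1 <= a <= 31)):
            return True
    return False

def audit(vault):
    """Return {site: sorted findings} for a list of (site, password) pairs."""
    key = os.urandom(32)  # per-run key: the reuse index holds tags, not passwords
    tag = lambda pw: hmac.new(key, pw.encode(), hashlib.sha256).digest()
    sites_by_tag = defaultdict(set)
    for site, pw in vault:
        sites_by_tag[tag(pw)].add(site)
    report = {}
    for site, pw in vault:
        findings = set()
        # SHA-1 is only the lookup key into the breach corpus, not storage.
        if hashlib.sha1(pw.encode()).hexdigest() in BREACHED_SHA1:
            findings.add("breached")
        if len(sites_by_tag[tag(pw)]) > 1:
            findings.add("reused")
        if pw.lower() in COMMON or looks_like_date(pw):
            findings.add("weak")
        report[site] = sorted(findings)
    return report

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        print(f"{site:15} {', '.join(findings) or 'ok'}")
```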
Reused passwords are becoming increasingly dangerous because cybercriminals are now armed with all kinds of resources to exploit them with ease.