Have you received this popup message?
If you did, then there’s a high probability that your account credentials were leaked in a data breach.
Does it mean the website I’m visiting got breached?
It doesn’t matter what website you’re on when you receive this popup. The notification warns you about the username and password combination that you just entered, not about the site where you entered it.
For example, if you use the same username and password combo on both Facebook and Twitter, but only Twitter was breached, then you will get this notification if you try logging on to Facebook.
When did Google introduce this technology?
Google first introduced the technology in early 2019 as part of their Password Checkup extension. Google regularly updates their database of leaked credentials and conducts a scan of your passwords every time you try to log in. The database has over 4 billion credentials that are known to be unsafe, and has protected over 110 million users.
Does Google know my passwords?
Password Checkup was designed with cryptography experts at Stanford University to ensure that Google doesn’t actually have your usernames or passwords, and that any sensitive information stays safe from public exposure.
Here are the actions you should take if you see this warning message:
Step 1: Is it a fake notification?
Cyber criminals will use fear-inducing strategies to scare users into handing over their passwords.
Don’t click on the warning link, as you could be sent to a phishing site. It’s better to be safe than sorry.
Step 2: Confirm the warning is real
To verify that the breach warning is real, visit your Google Password Manager Page and click on “Go to Password Checkup” (you need to be logged in to your Google account).
The page will tell you if the saved passwords in your Google Account were compromised in a breach. Originally, this check was part of Chrome’s Password Checkup technology, but now you can also use it from your Google account’s settings.
You can always opt out of this feature by going to Sync and Google Services -> Chrome Settings.
Please note that Google can only cross-check your passwords with their database if you’ve enabled the credential saving feature in your Chrome browser.
Step 3: Change your passwords
If Google tells you your password was compromised in a breach, then you should immediately change it.
Click on the first drop-down menu titled “compromised passwords.”
Next to each compromised password is a “Change Password” button that will send you to the website linked to those credentials. Click on it.
After changing each password, Google will prompt you to update the saved password. You will need to manually update each one.
Step 4: Update Your Bad Passwords
If you reuse passwords or use weak passwords, then you are at a very high risk of being compromised by threat actors.
Google’s Password Checkup will tell you which passwords are reused or weak. To lower the risk of further compromise, update them immediately.
If you have weak passwords, then you really need to be careful. If your password is 6 characters or fewer, then hackers can compromise your account in less than 1 second using brute force attacks.
How to implement better password security
First, use long passwords: to resist brute-force cracking, a password should be at least 13 characters long. Create passwords that meet this minimum and mix symbols, upper- and lower-case letters, and numbers.
Second, use two-factor authentication. This is an additional layer of security that can help prevent most cyber attacks, and completely stop brute force attacks.
Implementing good password security habits is one of the best things you can do to protect your personal and business data.
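The reuse, length and character-mix checks described above can be run locally against an exported password list. The following is an added example, not code from Google or from this article: the function names, the sample vault and the guess rate of 10 billion per second are assumptions chosen for illustration.

```python
import string
from collections import defaultdict

MIN_LENGTH = 13            # minimum length recommended in the article
GUESSES_PER_SECOND = 1e10  # assumption: offline guess rate, not a figure from the article

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digits": string.digits,
    "symbols": string.punctuation,
}

def alphabet_size(password):
    """Size of the character set an exhaustive search must cover for this password."""
    return sum(len(s) for s in CLASSES.values() if any(c in s for c in password))

def worst_case_seconds(password, rate=GUESSES_PER_SECOND):
    """Seconds to try every string of this length over the password's alphabet."""
    return alphabet_size(password) ** len(password) / rate

def audit(vault):
    """Return {site: [findings]} for a {site: password} mapping."""
    sites_by_password = defaultdict(list)
    for site, pw in vault.items():
        sites_by_password[pw].append(site)
    report = {}
    for site, pw in vault.items():
        findings = []
        if len(sites_by_password[pw]) > 1:
            findings.append("reused")
        if len(pw) < MIN_LENGTH:
            findings.append("too short")
        missing = [name for name, s in CLASSES.items() if not any(c in s for c in pw)]
        if missing:
            findings.append("missing " + ", ".join(missing))
        report[site] = findings
    return report

# Constructed sample vault (not real credentials).
SAMPLE_VAULT = {
    "facebook.example": "summer",
    "twitter.example": "summer",
    "bank.example": "T7#qLm!9vRz$2Kx",
}

if __name__ == "__main__":
    for site, findings in audit(SAMPLE_VAULT).items():
        secs = worst_case_seconds(SAMPLE_VAULT[site])
        print(f"{site}: {findings or ['ok']}, worst case {secs:.3g} s")
```

At the assumed rate, the six-letter lowercase password is exhausted in a fraction of a second, while the 15-character mixed password needs on the order of 10^19 seconds.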