All of your passwords will now automatically get checked against data breaches and phishing protection will be available for all your login credentials.
If you use Chrome for browsing the web, expect your passwords to come under much closer scrutiny from now on.
As the Google Security Blog explains, Chrome has had breached password warnings for a while via a Passowrd Checkup extension, and it has been built into Google Accounts since October. However, Chrome 79 removes the need for the extension and turns it into a core feature of the browser. So now, when you enter any username and password, Chrome can automatically check to see if the credentials have been exposed as part of a past breach.
Google stores every breached username and password as a “strongly hashed and encrypted copy of the data” on its servers. Every login performed through Chrome 79 onwards will automatically trigger Password Checkup to send your details, which are also hashed and encrypted, to Google. A check is then carried out to see if they appear in Google’s recorded breach data and the user is informed/encouraged to change passwords if their data has been exposed.
At no point during this process can Google see your account details or knows if you are using a breached password. You can also control how the Password Checkup system works from Chrome’s settings under the “Sync and Google Services” category.
Phishing protection is also much improved in Chrome 79. Google now warns users if they attempt to enter their credentials on websites suspected of phishing. Until now, the check happened only for your Google Account password, and only when Sync was enabled. However, now the same check occurs without Sync needing to be turned on and for all the passwords you have stored in Chrome. It’s also reassuring to know that Google updates its list of unsafe websites every 30 minutes, making it very difficult for them to go undetected for long.