Photo: Getty Images

Google is rolling out two new tools today to help the password-challenged beef up their security game. The first is a Chrome extension called Password Checkup that can identify if you’re using a password that’s been exposed in a third-party data breach. The second is a feature called Cross Account Protection, which helps protect apps you’ve signed into with your Google account.

If you trust Google enough to install the Password Checkup extension, it’ll appear as an icon in your browser bar. Then, if it detects that a username and password combination you’re using is one of more than 4 billion compromised credentials, the extension will warn you to change your password.

Advertisement

Graphic: Google

Google says you should trust it because it developed the extension with Stanford University cryptography researchers, and according to Google’s blog on the news, the extension won’t share your passwords or usernames with anyone at Google. To accomplish this, Google says it’s using multiple techniques, including hashing, k-anonymity, and blinding to keep your passwords anonymous. In the blog, Google says it “won’t bother you about outdated passwords you’ve already reset or merely weak passwords,” like the ones topping this abysmal list. Basically, you’ll only be notified if a username and password combination that you’re currently using has been exposed in a known breach.

As for the Cross Account Protection feature, that’s more aimed at app developers. In a nutshell, if your account is hacked, Google says it will send that information to the apps and websites you’ve logged into with your Google account. Google says it will only share basic information regarding the event itself.

Advertisement

Google’s new services sound like they might actually help you keep your login info safe. But because there’s always more to do, we’re also going to bang the password manager drum. Setting up a password manager doesn’t take that long and there are plenty of free options out there. And while you’re at it, don’t forget to enable two-factor authentication on important accounts as well.