Forum Discussion

Anthony's avatar
Anthony
Iron Contributor
Aug 31, 2019

Chromium Testing "Password Leak Detection" (Not In Edge Yet)

Chromium and Chrome Canary are experimenting with Password Leak Detection. Interesting to see if Edge adds that in at some point.   Snipe comparing Chromium (Not Chrome) 78.0.3900.0 to Edge Canary ...
HotCakeX's avatar
HotCakeX
MVP
Aug 31, 2019

Anthony 

 

How it works:

Once enabled, Google Chrome will then show you if the password you enter into a website matches information Google has on public data breaches. This feature will only be available for users who are signed into their Google account, but it can help millions of people. If Google Chrome detects the user entering a compromised password, they will be shown a pop-up prompt that tells the user this password has been found in the public list of unsafe passwords.

 

The Password Leak Detection feature that was added to Chrome 78 Canary is headed to Android as well.

 

 

This website does the same thing:

 

https://haveibeenpwned.com/Passwords

 

Anthony's avatar
Anthony
Iron Contributor
Aug 31, 2019

It's an interesting feature. Might be an eventual good one for Edge too (except through Microsoft syn/accounts instead of Googles accounts). 

 

I checked Chrome Canary app on Android and it's not in the flags yet. That too will be intersting to see. 

  • HotCakeX's avatar
    HotCakeX
    MVP
    Aug 31, 2019
    I doubt its effectiveness though. what are the chances that someone who hacks a server post those passwords in public?
    or even when they put it up for sale on torrent or dark web, Google goes and buys a copy from the hacker and then integrate it into their system?
    • Anthony's avatar
      Anthony
      Iron Contributor
      Aug 31, 2019

      About zero. Those into cracking password or servers or into warez (software piracy) wouldn't be dense enough to post those passwords publicly unless they were complete amateurs. Even on some of the darknet sites or Tor sites they're not going to openly advertise or distribute them. The password leak detection probably is a good backup option/alternative and still a neat concept however as always people should be careful with their password and data information and how they process or input it on the internet as even securited sites .  Unless Google has a secret method of obtaining those leaked passwords that no one else knows about.

      • HotCakeX's avatar
        HotCakeX
        MVP
        Aug 31, 2019
        Exactly,
        I wish Microsoft would make a copy of chromium engine on their github account, like starting from version 80, and then cut its connection to the chromium and Google entirely, so that new versions of chromium won't come from google but from Microsoft themselves. Microsoft engineers can start working on it alone and add their own features in parallel with Google.
        though i'm not sure how much open source the chromium engine is or whether its license agreement even allows that.

Resources