News

Google: only 26% of users agreed to change their password when they learned that it was compromised

Photo of Daniel Zimmermann Daniel ZimmermannAugust 20, 2019
0 73 1 minute read

In the spring of this year, Google developers introduced the Password Checkup extension for the Chrome browser, created in conjunction with specialists from Stanford University. The main objective of the extension was to check whether the user’s passwords has been compromised.

The extension starts every time a user logs into an online service.

Password Checkup checks the entered username and password (it doesn’t matter if they were entered manually or using the password manager), looking for matches in a secure database containing more than four billion credentials.

If user credentials are found in the database, the extension warns the owner of the browser about potential insecurity and recommends changing them.

“We propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried”, — claim Google developers.

Now, Google engineers have published anonymous statistics collected by Password Checkup from February 5 to March 4, 2019.

As it turned out, only in 1.5% of cases out of 21,177,237 recorded user logins, they were warned of compromise because of various data leaks. That is, 316 531 logins were recognized as unsafe for approximately 670,000 users who had installed the Password Checkup extension at that time.

Read also: Google Play clicker Trojan installed over 100 million times

Interestingly, of all users who were warned about credential problems, only 26% decided to change insecure passwords.

“By alerting users to this breach status, 26%% of our warnings result in users migrating to a new password, at least as strong as the original”, — said Google specialists.

In approximately 60% of cases, the password change was successful, so, users were choosing more secure options than the original ones. Additionally, at least 94% of the passwords turned out to be as strong as the original passwords (that is, it didn’t get any worse).

Most often, problems with credentials were found on adult sites and entertainment resources, for example, streaming services. In particular, on porn sites accounted for 3.6% of all warnings, and on entertainment sites – 6.3%.

At the same time, researchers acknowledge that real numbers may look ever worse. The fact is that so far not many users as a whole have installed Password Checkup, moreover, inactive accounts have a higher level of reuse, but the extension cannot verify such accounts for obvious reasons.
Sending
User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Tags
Photo of Daniel Zimmermann Daniel ZimmermannAugust 20, 2019
0 73 1 minute read
Photo of Daniel Zimmermann

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Related Articles

Trojans Mekotio and Grandoreiro

16 people behind the work of the Mekotio and Grandoreiro Trojans arrested in Spain

July 16, 2021
Phoenix Contact

Dangerous vulnerabilities detected in Phoenix Contact hardware

June 5, 2019
Facebook helped catch a pedophile

Facebook helped the FBI to catch a pedophile and sponsored the creation of a 0-day exploit for Tails

June 12, 2020
Bitzlato cryptocurrency exchange

American Authorities Closed the Bitzlato Cryptocurrency Exchange, Linking It with Conti and Hydra

January 20, 2023

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

This site uses Akismet to reduce spam. Learn how your comment data is processed.

© Copyright 2024, All Rights Reserved  | Adware.Guru;
Back to top button