Google: only 26% of users agreed to change their password when they learned that it was compromised

In the spring of this year, Google developers introduced the Password Checkup extension for the Chrome browser, created in conjunction with specialists from Stanford University. The main objective of the extension was to check whether the user’s passwords have been compromised.

The extension starts every time a user logs into an online service.

Password Checkup checks the entered username and password (it doesn’t matter if they were entered manually or using the password manager), looking for matches in a secure database containing more than four billion credentials.

If user credentials are found in the database, the extension warns the owner of the browser about potential insecurity and recommends changing them.

“We propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried,” claim Google developers.
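A simplified sketch of how such a blinded lookup can work, added here as an illustration and not Google's or Stanford's code: the client sends only a short hash prefix and a blinded value, and strips its own blinding from the server's reply to test membership locally. The toy modulus, the 1-byte prefix, all function and class names, and the sample credentials are constructed assumptions, and the parameters are far too small for real use.

```python
import hashlib
import math
import secrets

P = 2**127 - 1        # toy prime modulus (constructed; far too small for real use)
ORDER = (P - 1) // 2  # order of the subgroup of squares mod P

def to_group(user, password):
    """Hash a credential pair to a square mod P."""
    digest = hashlib.sha256(f"{user}\x00{password}".encode()).digest()
    return pow(int.from_bytes(digest, "big") % P, 2, P)

def bucket_id(user, password):
    """1-byte prefix shared by many credentials, so it does not identify one."""
    return hashlib.sha256(f"bucket\x00{user}\x00{password}".encode()).digest()[:1]

def new_key():
    """Random exponent that is invertible modulo ORDER."""
    while True:
        k = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(k, ORDER) == 1:
            return k

class BreachServer:
    def __init__(self, leaked):
        self.b = new_key()   # server secret, never leaves the server
        self.seen = []       # everything the server learns from clients
        self.buckets = {}
        for user, password in leaked:
            entry = pow(to_group(user, password), self.b, P)
            self.buckets.setdefault(bucket_id(user, password), set()).add(entry)

    def query(self, prefix, blinded):
        self.seen.append((prefix, blinded))
        return pow(blinded, self.b, P), self.buckets.get(prefix, set())

def is_exposed(server, user, password):
    a = new_key()                                   # fresh client blinding key
    blinded = pow(to_group(user, password), a, P)   # H^a
    double, bucket = server.query(bucket_id(user, password), blinded)  # H^(ab)
    unblinded = pow(double, pow(a, -1, ORDER), P)   # strip a, leaving H^b
    return unblinded in bucket

if __name__ == "__main__":
    server = BreachServer([("alice@example.com", "hunter2")])  # constructed sample
    print(is_exposed(server, "alice@example.com", "hunter2"))    # True
    print(is_exposed(server, "alice@example.com", "N3w-pass!"))  # False
```

Because the client picks a fresh blinding key per query, `server.seen` holds a different value each time the same credential is checked, and the bucket entries are useless to the client without the server's secret exponent.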

Now, Google engineers have published anonymous statistics collected by Password Checkup from February 5 to March 4, 2019.

As it turned out, users were warned of compromise due to various data leaks in only 1.5% of the 21,177,237 recorded logins. That is, 316,531 logins were recognized as unsafe for approximately 670,000 users who had installed the Password Checkup extension at that time.

Interestingly, of all users who were warned about credential problems, only 26% decided to change insecure passwords.

“By alerting users to this breach status, 26% of our warnings result in users migrating to a new password, at least as strong as the original,” said Google specialists.

In approximately 60% of cases, the password change was successful: users chose more secure options than the original ones. Additionally, at least 94% of the passwords turned out to be as strong as the original passwords (that is, they didn’t get any worse).

Most often, problems with credentials were found on adult sites and entertainment resources, for example, streaming services. In particular, porn sites accounted for 3.6% of all warnings, and entertainment sites for 6.3%.

At the same time, the researchers acknowledge that the real numbers may look even worse. So far, not many users overall have installed Password Checkup; moreover, inactive accounts have a higher level of reuse, but the extension cannot verify such accounts for obvious reasons.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
