of Google's leading security experts, Ben Hawkes, warns cybercriminals using two 0-day iOS vulnerabilities in…
Password Checkup checks the entered username and password (it doesn’t matter if they were entered manually or using the password manager), looking for matches in a secure database containing more than four billion credentials.
If user credentials are found in the database, the extension warns the owner of the browser about potential insecurity and recommends changing them.
“We propose a privacy-preserving protocol whereby a client can query a centralized breach repository to determine whether a specific username and password combination is publicly exposed, but without revealing the information queried”, — claim Google developers.
Now, Google engineers have published anonymous statistics collected by Password Checkup from February 5 to March 4, 2019.
As it turned out, only in 1.5% of cases out of 21,177,237 recorded user logins, they were warned of compromise because of various data leaks. That is, 316 531 logins were recognized as unsafe for approximately 670,000 users who had installed the Password Checkup extension at that time.
Read also: Google Play clicker Trojan installed over 100 million times
Interestingly, of all users who were warned about credential problems, only 26% decided to change insecure passwords.
“By alerting users to this breach status, 26%% of our warnings result in users migrating to a new password, at least as strong as the original”, — said Google specialists.
In approximately 60% of cases, the password change was successful, so, users were choosing more secure options than the original ones. Additionally, at least 94% of the passwords turned out to be as strong as the original passwords (that is, it didn’t get any worse).
Most often, problems with credentials were found on adult sites and entertainment resources, for example, streaming services. In particular, on porn sites accounted for 3.6% of all warnings, and on entertainment sites – 6.3%.
Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…
Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…
Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…
Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…
News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…
Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…
View Comments
[…] Recall that Google also claims that only 26% of users agreed to change their password when they learned that it was compromised. […]