This Chrome extension reveals if your password has been breached

Okta has introduced new password manager PassProtect in its latest, free Google Chrome browser extension.

If you think that by keeping a strong and difficult password your account will remain safe from hackers, then you are mistaken. But, if you think that despite being featured in a data breach you can keep the same password just because it is complicated then you are highly mistaken.

The reason is that whenever cybercriminals perform a data breach, user credentials including usernames and passwords make an appearance on online cybercrime forums. No matter how difficult the password is, once it lands on the computers of cybercriminals they are bound to use it to perform their malicious activities.

See: On Dark Web, Your Facebook ID is worth $5.20 & Gmail ID just $1

Something similar happened in February 2018 when HackRead exclusively reported on an incident in which 3,000 databases with 200 million unique accounts were found on Dark Web.

To counter such incidents and keep your password protected, Okta has introduced new password manager PassProtect in its latest, free Google Chrome browser extension. Through PassProtect, it is believed that your browser will compare your passwords to the database at Troy Hunt’s Have I Been Pwned.

It seems like an interesting way to be warned about your password being involved in data breaches even if you don’t know what Have I Been Pwned is all about or a thing about computers.

Just for information sake, Have I Been Pwned is a pretty huge database of passwords that have so far been leaked in previous data breaches such as at Tumblr, Dropbox, Adobe or LinkedIn. Basically, it informs you if you have been pwned. Okta is a company that provides safe authentication services and security tools to commercial intranets.

The new, open source Chrome extension uses K-Anonymity to scan passwords against Hunt’s massive database but it does so secretively. According to the head of developer advocacy at Okta, Randall Degges, the company decided about creating PassProtect to “dramatically improve a casual web user’s security.”

It works in a very straightforward manner. Let’s suppose your password is fifaafif; so the next time after installing PassProtect when you will enter this password on your favorite website’s login page, a pop up will appear with a warning message. This message reads like this:

“The password you just entered has been found in 26 data breaches. This password is not safe to use.”

If you decide to dismiss this message, it will be up to you to change it or keep using the same password. The warning message won’t appear again if you login into your account using the same browser.

This Chrome extension reveals if your password has been breached

Degges further added that the service has been developed to safeguard users’ passwords and it never sends a copy of the password anywhere. PassProtect firstly turns your entered password into a hashing algorithm to convert fifaafif into a random string of passwords, out of which the first five characters are sent to Hunt’s service for scanning.

See: Cybercriminals Selling Social Security Numbers of Infants on Dark Web

The scanning process is run on half a billion passwords that are contained in the database at Have I Been Pwned. A set of hashed passwords is received by the browser having the same first five characters sent initially by PassProtect. Now the searching is easier for PassProtect since the comparison dataset is quite small. It looks for the same set of the password as your in this new dataset and if a match a acquired, it uploads the warning popup.

Have I Been Pwned has also partnered with another password manager service called 1Password, which warns users of Macs and Pcs if their password has been part of any data breach.

Currently, PassProtect is available on Chrome only but Degges claims that a version for Firefox and a mobile app is also in the pipeline. A tool for web developers will also be released by Okta that will help them install PassProtect directly into a website.

Image credit: Depositphotos

Waqas

Waqas Amir is a Milan-based cybersecurity journalist with a passion for covering latest happenings in cyber security and tech world. In addition to being the founder of this website, Waqas is also into gaming, reading and investigative journalism.