• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • December 8th, 2019
  • Home
  • About Us
  • Team
  • Advertise
  • Submit News
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Google+
    • Linkedin
    • Youtube
Home » Security » This Chrome extension reveals if your password has been breached

This Chrome extension reveals if your password has been breached

May 28th, 2018 Waqas Security 0 comments
This Chrome extension reveals if your password has been breached
Share on FacebookShare on Twitter

Okta has introduced new password manager PassProtect in its latest, free Google Chrome browser extension.

If you think that by keeping a strong and difficult password your account will remain safe from hackers, then you are mistaken. But, if you think that despite being featured in a data breach you can keep the same password just because it is complicated then you are highly mistaken.

The reason is that whenever cybercriminals perform a data breach, user credentials including usernames and passwords make an appearance on online cybercrime forums. No matter how difficult the password is, once it lands on the computers of cybercriminals they are bound to use it to perform their malicious activities.

See: On Dark Web, Your Facebook ID is worth $5.20 & Gmail ID just $1

Something similar happened in February 2018 when HackRead exclusively reported on an incident in which 3,000 databases with 200 million unique accounts were found on Dark Web.

To counter such incidents and keep your password protected, Okta has introduced new password manager PassProtect in its latest, free Google Chrome browser extension. Through PassProtect, it is believed that your browser will compare your passwords to the database at Troy Hunt’s Have I Been Pwned.

It seems like an interesting way to be warned about your password being involved in data breaches even if you don’t know what Have I Been Pwned is all about or a thing about computers.

Just for information sake, Have I Been Pwned is a pretty huge database of passwords that have so far been leaked in previous data breaches such as at Tumblr, Dropbox, Adobe or LinkedIn. Basically, it informs you if you have been pwned. Okta is a company that provides safe authentication services and security tools to commercial intranets.

The new, open source Chrome extension uses K-Anonymity to scan passwords against Hunt’s massive database but it does so secretively. According to the head of developer advocacy at Okta, Randall Degges, the company decided about creating PassProtect to “dramatically improve a casual web user’s security.”

It works in a very straightforward manner. Let’s suppose your password is fifaafif; so the next time after installing PassProtect when you will enter this password on your favorite website’s login page, a pop up will appear with a warning message. This message reads like this:

“The password you just entered has been found in 26 data breaches. This password is not safe to use.”

If you decide to dismiss this message, it will be up to you to change it or keep using the same password. The warning message won’t appear again if you login into your account using the same browser.

This Chrome extension reveals if your password has been breached

Degges further added that the service has been developed to safeguard users’ passwords and it never sends a copy of the password anywhere. PassProtect firstly turns your entered password into a hashing algorithm to convert fifaafif into a random string of passwords, out of which the first five characters are sent to Hunt’s service for scanning.

See: Cybercriminals Selling Social Security Numbers of Infants on Dark Web

The scanning process is run on half a billion passwords that are contained in the database at Have I Been Pwned. A set of hashed passwords is received by the browser having the same first five characters sent initially by PassProtect. Now the searching is easier for PassProtect since the comparison dataset is quite small. It looks for the same set of the password as your in this new dataset and if a match a acquired, it uploads the warning popup.

Have I Been Pwned has also partnered with another password manager service called 1Password, which warns users of Macs and Pcs if their password has been part of any data breach.

Currently, PassProtect is available on Chrome only but Degges claims that a version for Firefox and a mobile app is also in the pipeline. A tool for web developers will also be released by Okta that will help them install PassProtect directly into a website.

Image credit: Depositphotos

  • Tags
  • breach
  • Cyber Crime
  • dark web
  • hacking
  • internet
  • Password
  • Privacy
  • security
Facebook Twitter Google+ LinkedIn Pinterest
Previous article Man arrested for possession of 58 terabytes of child sexual abuse material
Next article 10 years prison for man who hacked 200 firms & sold data on Dark Web
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism.

Related Posts
New privacy tool exposes which website leaves your data unprotected

New privacy tool exposes which website leaves your data unprotected

New Linux vulnerability puts VPN connections at risk of hijacking

New Linux vulnerability puts VPN connections at risk of hijacking

5 things you should never do when using anonymous operating systems

5 things you should never do when using anonymous operating systems

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

LATEST POSTS
New privacy tool exposes which website leaves your data unprotected
Privacy

New privacy tool exposes which website leaves your data unprotected

1355
New Linux vulnerability puts VPN connections at risk of hijacking
Privacy

New Linux vulnerability puts VPN connections at risk of hijacking

861
5 things you should never do when using anonymous operating systems
Security

5 things you should never do when using anonymous operating systems

1403
Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns
Surveillance

Israeli firm buys Private Internet Access (PIA) VPN raising privacy concerns

14352

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us