Skip to main content

1.5% of Chrome users’ passwords are known to be compromised, according to Google

password
Image used with permission by copyright holder

1.5% of passwords used in Chrome are unsafe and have been released in data breaches, according to new information from Google.

In February, a new feature was introduced to the Google Chrome browser which checks whether users’ passwords are secure. Password Checkup is a free download that scans a database of 4 million compromised passwords and informs users if their password is among them and they need to change it. The database of passwords is collated from known third-party data breaches and when a user enters their password, it is checked against the list.

Recommended Videos

Now, Google has released eye-opening stats gathered from Password Checkup. Over 650,000 users have downloaded the tool, which has flagged more than 316,000 passwords as unsafe. That’s 1.25% of sign-ins which were made using passwords known to be compromised. This included sign-ins for “some of [users’] most sensitive financial, government, and email accounts” and covered “shopping sites (where users may save credit card details), news, and entertainment sites.”

Please enable Javascript to view this content

A particular problem was people reusing passwords. People were more likely to reuse passwords outside of the most popular sites — 2.5 times more likely, in fact. The reuse of passwords makes it much easier for hackers to access accounts using a technique called credential stuffing.

Even when users were warned by Password Checkup that their passwords had been compromised, only 26% of them opted to reset their passwords. On the plus side, 60% of new passwords entered were relatively secure and would require more than a hundred million attempts to guess randomly. Previously, less than 20% of new passwords achieved this level of security.

Google announced it would be adding new features to make Password Checkup, including a comment box for giving quick feedback and more data privacy controls. The extension should never be able to learn the passwords of the users it checks for, but now users can opt out of all anonymous telemetry reports.

If you are concerned that an account you use may have been compromised, you can use the free tool HaveIBeenPwned to check. And if you are looking for a way to keep your passwords secure and to create secure passwords quickly, then you can use a password manager such as LastPass or 1Password.

Georgina Torbet
Georgina has been the space writer at Digital Trends space writer for six years, covering human space exploration, planetary…
Google may build Gemini AI directly into Chrome
The Google Gemini AI logo.

Google is now fleshing out its newly unified Gemini AI system in its browser with its first attempt at implementing Chat with Gemini into the Chrome Omnibox.

This latest effort will update Google Chrome with a Chat with Gemini shortcut in the Chrome Omnibox, allowing users to access the AI chatbot feature without having to go to the Gemini website, according to WindowsReport. The Omnibox serves as an address bar and search bar, and it adds multiple other tasks to a browser. Now with a simple @ prompt, you can also access Google's AI chatbot to answer questions, create images, and generate summaries, among other tasks.

Read more
Google just settled a $5B privacy suit involving Chrome browser
The Google Chrome logo on a smartphone.

Google has agreed to settle a $5 billion lawsuit brought by claimants who accused the web giant of privacy invasion by tracking their online activities despite being in “incognito mode” when using the company’s Chrome browser.

After lawyers announced on Thursday that they’d reached a preliminary agreement, U.S. District Judge Yvonne Gonzalez Rogers put a scheduled trial for the case in California on hold, Reuters reported.

Read more
This massive exploit lets hackers breach apps like Chrome, 1Password, and Telegram
A dark mystery hand typing on a laptop computer at night.

A massive security bug has just been discovered that affects WebP images used in untold numbers of websites and apps, and it could potentially let hackers break into your computer and extract data from it. In fact, Google has already seen it being actively exploited in the wild. Because of that, it’s essential that you patch your computer as soon as possible.

The discovery has been detailed by researcher Alex Ivanovs, who wrote about the bug in a blog post. Right now, it seems to affect almost all of the best web browsers, including Chrome, Firefox, Edge, and Brave. WebP images are used all over the web, meaning huge numbers of sites and apps could be affected.

Read more