Google Chrome to Warn If Logins Are Found in a Data Breach


Google is adding an integrated data breach notification service to the Chrome browser that alerts users when they log on locations with infringement-related credentials.

With the steady loss of account credentials from data violations and the wild re-use of passwords frequently seen among users, notification services for data breaches were developed to alert customers to a violation in their e-mail addresses.

One of the most common facilities is that I have partnered with Pwned and Mozilla to launch a Firefox Monitor service that is integrated with the Firefox browser.

To be not outdone, Google has also lately introduced a fresh information break service through its Chrome Password Checkup browser extension, which will warn customers if they have their usernames and passwords affected when they log into a site.

By using the Password Checkup extension, Google has performed a survey which estimates that 1.5% of all logins are affected by information violations. This research also showed that 26% of customers who showed notice of a information violation altered their password.

Chrome to get notification of infringement

As this research showed that offering notifications of compromised login credentials is useful for customers, Google is now constructing this assistance straight into the browser.

While this new “protection of passwords” function is not yet completely created, Google’s bug releases[ 1, 2, 3, 4] offer us a glimpse of the way it works.

If the password protection function is activated, the fresh Google Chrome password manager option will appear that enables you to switch on and off the affected login detection function.


Password protection feature

For this feature to work, a user must first be logged into the browser. Once logged in, when the user successfully logs into a site with credentials that have been seen in multiple data breaches, Chrome will display the following “Data breach reported” alert.


Credentials found in multiple breaches

If the credentials for a specific website were only exposed in a data breach, the report shall be rewritten slightly to include the name of the website.


Exposed in single data breach

The “Check passwords” button is not presently recognized, but it may take the user to a website that describes a violation and recommends a stronger password.

Google adds a new policy for business customers called “Password Leak Detection Enabled” which will enable administrators to disable Chrome’s password security function.

Activating the password protection function

Always developing this function, certain user interface components are installed behind the flag in the Chrome 78 Canary.

You can go to chrome:/flags and search for leaks to activate the Password Leak function. Once the “Leak Detection Password” flag is displayed, set it to Enable and restart the browser at the prompt.


Password Leak Detection flag

Upon restarting Chrome, you will see the fresh function under the password manager of the browser. H / T


Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.