In this digital world, passwords are crucial, almost a lifeline to all your digital assets. But breaches happen, passwords are compromised, and it's a really bad idea to use a password that is already known. If you are wondering how anyone could know that you are using one, it’s difficult, but not impossible. If someone is after you, they could use a database of breached passwords to get into your account. In this post, we look at PassProtect, which makes sure you aren’t using breached passwords that are already available to hackers and the public.

PassProtect extension for Chrome

It comes in the form of a Chrome extension that checks a password you key in against the database maintained by the popular website Have I Been Pwned. It doesn’t store your password; it checks a hash of it against the database to give you a yes or no.

It uses the Pwned Passwords API service to see whether the password you are using in any web login has been found in a past breach. It uses ‘k-anonymity’, which ensures that your passwords are never seen, stored, or sent over the network during this checking process.

k-anonymity makes sure that the Pwned Passwords API service never gains enough information about a non-breached password to recover it. The same technique is in use at hospitals, which can release patient information for medical research while withholding details that would disclose personal information.
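The k-anonymity check described above, as an added example (not PassProtect's own code): the client hashes the password with SHA-1, sends only the first five hex characters, and compares the returned suffixes locally. The `SUFFIX:COUNT` response format follows the public Pwned Passwords range API; `FakeRangeServer`, `split_hash`, `breach_count` and the sample corpus are hypothetical names and constructed data so the block runs offline.

```python
import hashlib

def split_hash(password):
    """SHA-1 the password locally; return (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

class FakeRangeServer:
    """Offline stand-in for the range endpoint, built from constructed data."""

    def __init__(self, breached):
        self.index = {}   # prefix -> {suffix: count}
        self.seen = []    # everything the "server" ever receives
        for password, count in breached.items():
            prefix, suffix = split_hash(password)
            self.index.setdefault(prefix, {})[suffix] = count

    def query(self, prefix):
        self.seen.append(prefix)
        bucket = dict(self.index.get(prefix, {}))
        # Constructed decoys: a bucket holds many unrelated suffixes, so the
        # prefix alone does not tell the server which one the client wants.
        for i in range(3):
            decoy = hashlib.sha1(f"decoy-{prefix}-{i}".encode()).hexdigest()
            bucket.setdefault(decoy.upper()[5:], 1)
        return "\r\n".join(f"{s}:{c}" for s, c in sorted(bucket.items()))

def breach_count(password, fetch_range):
    """Return how often the password appears in the corpus, 0 if absent."""
    prefix, suffix = split_hash(password)
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:  # comparison happens locally
            return int(count)
    return 0

if __name__ == "__main__":
    server = FakeRangeServer({"password": 239, "letmein": 17})  # constructed
    for pw in ("password", "letmein", "a long unbreached passphrase"):
        print(pw, breach_count(pw, server.query))
    print("server saw only:", server.seen)
```

To query the live service instead, pass a function that fetches `https://api.pwnedpasswords.com/range/<prefix>` and returns the response body as text.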

How does PassProtect work

Once the extension is installed in the browser, any time you enter a password on a login or sign-up page, you will receive a warning as soon as you stop typing. It’ll also notify you if your credentials are available in the public domain. Below is one such warning:

The password you just entered has been found in 239 data breaches. This password is not safe to use.

This means attackers can easily find this password online and will often try to access accounts with it.

If you are currently using this password, please change it immediately to protect yourself.

This notice will not show again for the duration of this session to give you time to update this password.

In my opinion, this is a great way to know whether your passwords are safe. The password check happens on the go, so you will not have to spend time checking every one of them. You can download it from the Chrome Store.

  1. djbaxter

    PassProtect is currently available as an extension for Chrome only, although they say a version for Firefox is in the works.

    In the meantime, if you are a Firefox user, you can try a similar add-on called Prevent Pwned Passwords.

    “Prevent Pwned Passwords helps make sure you don’t use any password
    that’s known to have been part of a data breach. If you try to use a
    password that’s known to have been compromised, you’ll get an alert.

    You can choose to run it whenever you enter a password on any site,
    whenever you enter a password on a “Create Account” page, or only when
    you choose to check a password from a context menu. You can also
    whitelist sites, giving you greater control over what passwords are

    This extension hashes your password and securely checks that hash
    against a database of hashes known to be breached. If it’s been involved
    in a past breach (of any account across hundreds of sites), it notifies
    you so you can change your password.

    Note that the only data ever transmitted is a password hash. We never
    send a clear-text password or any identifiable information like a
    username or a URL.

    This extension uses the Have I Been Pwned service.”

