In this digital world, passwords are most crucial, and almost a lifeline to all digital assets. But then, breaches happen, passwords are compromised, and its a really bad idea to use a password which is already known. If you are wondering how can anyone know if you are using it, it’s difficult, but not impossible. If someone is after you, he could use the database to get into your account. In this post, we are talking about PassProtect which makes sure you aren’t using already breached passwords available to hackers, and the public.
PassProtect extension for Chrome
It comes in the form of Chrome extension where you can key in a password to check against the database available with the popular website Have I Been Pwned. While it doesn’t store your password but does hash against the database to give you a yes or no.
It uses the Pwned Passwords API service to see whether or not the password you are using in any web login has been found in a breach in the past. It uses ‘k-anonymity’, which ensures that your passwords are never seen, stored, or sent over the network during this checking process
k-anonymity makes sure that the Pwned Passwords API service never gains enough information about a non-breached password. It is currently in use at hospitals which can release patient information for medical research while withholding information that discloses personal information.
How does PassProtect work
Once the extension is on board the browser, anytime you enter a password on a login page or sign-up page, you will receive a warning as soon as you stop typing. It’ll also notify you if your credentials are available in public domain. Below is one such warning:
The password you just entered has been found in 239 data breaches. This password is not safe to use.
This means attackers can easily find this password online and will often try to access accounts with it.
If you are currently using this password, please change it immediately to protect yourself.
This notice will not show again for the duration of this session to give you time to update this password.
Inmy opinion, this is a great way to know if your passwords are safe or not. The password check happens on the go. You will not have to put time checking every one of them. You can download it from the Chrome Store.