Getty Images/iStockphoto

Google now warns you right in Chrome if your password and user name are compromised in real-time

The search browser detects if a password and user name have been part of a data breach in real-time, and here's how to activate the new feature

Like GearBrain on Facebook

Google is getting even more serious about protecting people's passwords and user names, launching a new feature that will run a real-time check on web sites as you enter your password — and warn you if your credentials have been stolen.

Read More:

Google announced the new safety add-on in a blog post on December 10, along with additional security features. They're all designed to help people not only keep their passcodes secure — but be able to take protective measures, like changing compromised passwords, more quickly

A similar Google feature has been in place since October called Password Checkup, a Chrome extension that scans passwords stored with the browser periodically to ensure they haven't been part of a data breach. When everything is good, a badge that sits to the right of the URL bar is green. If Google believes a password has been compromised, the check mark turns red, and clicking on it brings up the problem.

But now, Google is rolling out that feature to anyone who is part of the the Safe Browsing program, scanning for phishing sites every 30 minutes. But in data Google cites on its blog post, the company says phishing sites caught by Safe Browsing are growing rapidly, well below 500,000 from January 1, 2008 to nearly 2 million today. It seems that 30 minute scans allow for too many sites to slip through, and so the scan will now happen in real time.

Phishing occurs when a hacker collects user information by pretending to be someone else, a friend, a co-worker or even an official organization like a user's bank. This is different than a hack or data breach, which typically involves someone breaking into a data base, or finding one that's not secure, and hoping themselves to details like names, passwords and even birth dates. Phishing is more selective. But details collected from a hack or data breach can be used later to phish them into giving up other details, like their bank account log-in and accounts.

Don't need to Sync to use

Chrome will also alert those who have chosen to use Sync on their Google accounts, if they've entered details into a site that the browser suspects is phishing. But today, anyone surfing the web, and is also storing passwords on Chrome's password manager, will be able make use of this tool — even without activating Sync.

For those who want to activate Safe Browsing, where the updated real-time scans will first be activated by Google, start by:

  1. Going to the three dots in the upper right of Chrome
  2. Clicking on "Settings"
  3. In the new window, in the left rail, click on "Advanced, and in the drop down menu, click on "Privacy and security"
  4. The top option, in the center rail will be "Sync and Google services" and click on the right arrow next to this
  5. Now, scroll down under "Other Google services" and click on "Safe Browsing"

Like GearBrain on Facebook
Show Comments ()

THE GEARBRAIN