At least 1.5% Chrome passwords are unsafe

Earlier this year in February, Google launched an extension for Chrome browser called Password Checkup. It is aimed to help users by analyzing usernames and passwords for various services used on a daily basis. The Google Password Checkup tool also verifies passwords for logins and prompt warnings, and flags the same if there are any third-party data breaches.

A recent report by Google Security Blog has revealed that 650,000 users participated in an early experiment. In the first month, the search giant scanned about 21 million usernames and passwords, and flagged at least 316,000 as unsafe. This means at least 1.5% of user passwords are compromised.

This included sign-ins for “some of [users’] most sensitive financial, government, and email accounts” and covered “shopping sites, news, and entertainment sites,” Google wrote in the blog.

Using the same password everywhere

One of the problems here is where people are 2.5 times more likely to reuse the same passwords outside most popular sites. For users, it is easier to remember passwords. However, it becomes even easier for hackers to access accounts using a special technique called credential stuffing.

Even after Google Password Checkup tool warned users about their passwords been compromised, only 26 percent of users went ahead to reset passwords. Still, 60 percent of these passwords entered by users were relatively secure. Even for an ethical hacker, it would require millions of attempts to guess randomly. Earlier, only about 20 percent of new passwords achieved this level of security.