Skip to main content

1.5% of Chrome users’ passwords are known to be compromised, according to Google

password
Image used with permission by copyright holder

1.5% of passwords used in Chrome are unsafe and have been released in data breaches, according to new information from Google.

In February, a new feature was introduced to the Google Chrome browser which checks whether users’ passwords are secure. Password Checkup is a free download that scans a database of 4 million compromised passwords and informs users if their password is among them and they need to change it. The database of passwords is collated from known third-party data breaches and when a user enters their password, it is checked against the list.

Now, Google has released eye-opening stats gathered from Password Checkup. Over 650,000 users have downloaded the tool, which has flagged more than 316,000 passwords as unsafe. That’s 1.25% of sign-ins which were made using passwords known to be compromised. This included sign-ins for “some of [users’] most sensitive financial, government, and email accounts” and covered “shopping sites (where users may save credit card details), news, and entertainment sites.”

A particular problem was people reusing passwords. People were more likely to reuse passwords outside of the most popular sites — 2.5 times more likely, in fact. The reuse of passwords makes it much easier for hackers to access accounts using a technique called credential stuffing.

Even when users were warned by Password Checkup that their passwords had been compromised, only 26% of them opted to reset their passwords. On the plus side, 60% of new passwords entered were relatively secure and would require more than a hundred million attempts to guess randomly. Previously, less than 20% of new passwords achieved this level of security.

Google announced it would be adding new features to make Password Checkup, including a comment box for giving quick feedback and more data privacy controls. The extension should never be able to learn the passwords of the users it checks for, but now users can opt out of all anonymous telemetry reports.

If you are concerned that an account you use may have been compromised, you can use the free tool HaveIBeenPwned to check. And if you are looking for a way to keep your passwords secure and to create secure passwords quickly, then you can use a password manager such as LastPass or 1Password.

Editors' Recommendations

Georgina Torbet
Georgina is the Digital Trends space writer, covering human space exploration, planetary science, and cosmology. She…
This Chrome extension lets hackers remotely seize your PC
A depiction of a hacker breaking into a system via the use of code.

Malicious extensions on Google Chrome are being used by hackers remotely in an effort to steal sensitive information.

As reported by Bleeping Computer, a new Chrome browser botnet titled 'Cloud9' is also capable of logging keystrokes, as well as distributing ads and malicious code.

Read more
Why Google Chrome Incognito Mode isn’t what it claims to be
Google Chrome icon in mac dock.

A seemingly obscure little class-action lawsuit filed in 2021 has exploded into the mainstream news lately, alleging that Google continues to track users when they’re using incognito mode on Chrome.

Of course, any savvy web user knows there’s no such thing as complete privacy on the internet, at least not without running Tor through a VPN tunnel while wearing a Guy Fawkes mask. But it seems what we expect of Google Chrome’s incognito mode and what Google actually does are two different things.

Read more
Google Chrome tops this list of most vulnerable browsers
Google Chrome logo appears over photo of laptop with chart of vulnerabilities.

According to a recent report, Google Chrome is the most vulnerability-ridden browser of all the major players. Chrome also happens to be the most popular browser in the world, accounting for over 60% of usage according to most sources, which means that a larger number of people are at risk until the bugs are fixed.

Every browser suffers from these security weaknesses from time to time, including the increasingly popular Apple Safari, Microsoft Edge, and Mozilla Firefox, but Chrome has had a startlingly high number of weaknesses in 2022. The vulnerability report from Atlas VPN summarized data found in the VulDB vulnerability database. In this year alone, 303 vulnerabilities have been detected in Google Chrome. Firefox came in a distant second with 117, while 103 were found in Edge, and only 26 in Safari.

Read more