"I found it sad, though not terribly surprising, that two in three people [65 percent] reuse the same password for multiple accounts", Emily Schechter, product manager of Chrome security at Google, told eWEEK.
If the password is involved in a breach that Google is aware of, the extension issues a warning to let you know that resetting the password is recommended, thus making sure that hackers wouldn't get access to your data. Instead, the extension checks a database of known breaches to determine whether both the username and passwords are mentioned in a security incident, and if they are, only then it issues a warning.
Lastly, Google says that users can do a health checkup of your Google Account, which gives you personalized and actionable security recommendations that help strengthen the security of your Google Account.
Password Checkup is a first-party extension, which begs the question as to why Google doesn't just bake into Chrome natively, and make it opt-in.
There's also a new initiative called Cross Account Protection. The extension enables you to find out which accounts have been compromised and prompts you to change unsafe passwords.
While the Password Checkup extension can help detect if a user's credentials have been compromised, they could still be vulnerable if a user has signed into other apps and sites with Google.
With data breaches on the rise, it's great to see Google develop tools like this to protect users online. Further technical details about Password Checkup can be found on the Google Security Blog. Secondly, Google launched Cross Account Protection tools which extend the Google ecosystem's account hijacking and breach notices to apps that utilise Google Sign In. To help keep us safer, a number of services have emerged.
In both cases, the services are relatively new, and Google will work to improve and refine them over time.
Google says it only shares if the event happened and necessary information like whether someone hijacked your account or if you are required to log in again because of suspicious activity. Here Google will "only share information with apps where you have logged in with Google". Cross Account Protection will start working with apps and sites that support it.