Check for compromised passwords with a Chrome extension

How secure are the passwords you use online? Could they have been included in a hacked password database? Add these extensions to Chrome and get instant notifications of password problems.

Security problems seem to be getting worse instead of better and hardly a week goes by without news of a huge hack that has exposed personal details and even leaked user passwords and other login and account details. Tens of thousands, sometimes hundreds of thousands or even millions of people are affected in some of these security breaches.

What can you do about it?

There are two obvious things to do and one is to always use a unique password for each online account that is used, such as email, online storage, website login, social media and so on.

If a site is hacked and passwords are compromised, only that one website or service is affected. This is much better than using the same password across multiple sites, because if one is hacked, they are all hacked and security problems are multiplied.

The other thing you can do is to check whether your passwords have been included in any data breaches. There are websites you can visit to check if a password is known to hackers and the best known of these is Have I Been Pwned. Just enter a password and it will tell you if it has been seen before and if it has been included in a hacked password database.

Have I Been Pwned website checking a password to see if it is compromised

That is useful, but be honest, how often do you visit the website and check a password? Probably not very often. How many of your passwords have you checked? Probably not all of them.

Click the Notify menu on the site and enter your email address to receive a notification when passwords associated with the email are found in security breaches. This is not just for your email account, your address is often used as a login username for sites and you will be notified when there is a problem.

Avast hack check website checks whether passwords have been compromised

An alternative to this website is Avast Hack Check. Enter your email address, the one you use for Facebook, LinkedIn and so on, and it will tell you if the account and password have appeared in any security breaches.

A password manager is an essential utility that enables you to use unique passwords on every site, which helps if there is ever a security breach and only one site is then affected. Here I looked at 11 ways to increase the security in LastPass password manager.

There are more ways to find out if your password has been compromised and there are some great extensions for Chrome that alert you instantly when a bad password is used. Let’s take a look at some of them.

PassProtect

PassProtect is a Chrome extension that tells you when a password has been used before or is known to hackers. When you enter a password into a password box on a web page, it checks with Have I Been Pwned to see if it is known. If it is, it displays a message warning you that it has been compromised.

PassProtect Chrome extension warns if a password is known, common, or included in a security breach

It is brilliant and when you try to log in or sign up anywhere, you immediately see a warning in the browser. It does not stop you using the password and clicking I UNDERSTAND continues.

If you are signing up for an account somewhere, you can immediately try a different password and find one that is not known. If you are logging in somewhere, you can continue, but once logged in, it would be a good idea to visit your account settings and choose a new password.

It is up to you and the message can be ignored if you choose, but there is obviously a risk in this.

Password Checkup extension

Password Checkup extension is from Google and it checks the passwords you enter into websites and services against data breaches known to Google. A warning is displayed if you use a password that has been compromised.

Password Checkup Chrome extension warns if a password you use has been compromised

It sounds like a great idea and I tried hard to trigger a warning by using obvious passwords like abc123 and qwerty to log into sites, but I could not get it to show a warning. The extension uses a lot of memory and Chrome task manager reported it using 360 MB on my PC. However, the extension does have a 4.1 rating and 723,000 users, so don’t write it off completely, it may just be me.

Password Alert

Password Alert is another extension from Google and like Password Checkup extension, it aims to protect you by alerting you whenever you use a password you shouldn’t be using.

What makes this extension different is that it only protects yous Google account. If you use your Google password anywhere else apart from a Google site, a warning is displayed. A lot of people use the same password across multiple sites and if one is hacked, their hacker knows the password to several other sites. This protects your Google account by preventing you using the password elsewhere.

I tried to trigger a warning by using my Google password elsewhere, but I did not see any warning. It did not seem to work for me, but it has 726,000 users and quite a good 4.3 rating, so it could be just me. Perhaps you need to use both your Gmail address as your username as well as your Google password at a non-Google site, which I never do for obvious reasons.

Final thoughts

I could not get either of Google’s password checker extensions to produce warnings, but enough users report that these extensions are useful to make them worth trying and you may have better luck than me.

PassProtect Chrome extension worked brilliantly and I recommend you add this to Chrome to check the passwords you use across the web. It instantly alerts you if you use a password that is known, common, or included in a security breach. It will not stop you using one, but armed with the knowledge that it is unsafe, you can change it. PassProtect is recommended.