GOOGLE LOOKS LIKE IT'S FED UP with compromised credentials, so much so the firm has created a Password Checkup extension for Chrome so folks can work out if they've been impacted by recent security breaches.
The Chrome extension sits quietly in Google's browser but it springs into action when it detects that a username and password being used to login to an online service - it doesn't have to be a Google one - has been compromised.
If the credentials have been compromised, say from a data breach or leak, then the Password Checkup tool will automatically warn users of the problem and prompt them to change their password.
It all seems pretty elegant and straightforward. And for those of you about to type "OMG it will steal all of our privacies", then don't worry as Google says Password Checkup won't learn your account details for non-Google services.
"We built Password Checkup so that no one, including Google, can learn your account details. To do this, we developed privacy-protecting techniques with the help of cryptography researchers at both Google and Stanford University," Google's security and product boffins Kurt Thomas and Adam Dawes said.
"This is our first version of the Password Checkup, and we'll be refining in the coming months."
It's hardly the most glamorous thing to come out of Google, but heck, it seems to be a sensible and handy one.
Google is also taking its security helpfulness one step further with the introduction of Cross Account Protection. The tool has been designed for the rare case a hacker actually manages to compromise a Google account and could use those credentials to sign into third-party services that use the Google Sign In service.
Whereas previously Google could prevent dodgy access to its own services, it couldn't do that for third parties. But with Cross Account Protection it will send Google Sign In users information about security events, such as account hijacking, and enable the third parties to take appropriate actions.
Again, Google stressed that it would only share data about the security event, basic information such as if an account was hijacked or suspicious activity as detected, and only share this data with apps that people have logged into using Google Sign In. Basically, Google is setting itself up to avoid any form of Cambridge Analytica data sharing scandal.
It's the week in Google news
Erik Estrada wouldn't have stood for this
Hacks in support of WikiLeaks founder target gov websites