[DO IT NOW] Google Password Checkup - Comments Page 1

i have a hard time "trusting" chrome, when i tried it in the past it seemed to be a serious process hog.. there may be 10 instances of it running behind the scenes, even with only one browser tab open.
this sounds like a great idea, but, i don't want to have to use the chrome browser.
i think our privacy is OVER compromised to begin with, and trusting google.. while i prefer them to most .... is still entrusting a hige corporation with your privacy. the whole internet is a mess.

I agree, I use Chrome as little as possible and Google is the LAST enterprise I'd trust with passwords or anything else, I won't even use their search engine. I have a password manager that takes care of those issues for me already, I pay for that and have used it for three plus years now with no issues at all. I don't need, and won't accept Google's "help" with anything.

Aside from 2-factor authentication, or using a hardware key, What else can be done when your email address has been pawned?
Using a good password manager like Norton's Password Dashboard will tell you when you have duplicates or weak passwords. I'm uncomfortable having Google memorize my passwords anyway. That's why you use a password manager, right?
Knowing where it is compromised might prove useful.

@Michael Fallin

Check out "disposable email addresses"

These can be used and deleted on your schedule for whatever reason.

If you are alerted to a hack or one suddenly started to be used by another entity messaging you you'll know it was "sold" and you can delete it.

Bob has written an article here:
https://askbobrankin.com/yes_you_need_a_disposable_email_address.html

I use Dashlane, but it doesn't make it easy to change passwords and doesn't work on many sites at all. I* will definitely add the Google Password Checkup to my Chrome browser, but I have mostly switched to Vivaldi because Chrome doesn't play nice with my banking sites. I was switching back and forth to do banking and everyday surfing, but that was too much of a hassle.
I wonder if Vivaldi can use the Password Checkup since it is built on the Chromium platform?

I trust anything from Google about as far as I can spit upwind in a Class 5 hurricane.

It does work on Chrome, but I tried to add it to Opera (vpn), a browser based on Chrome, and I cannot find it. I also use another Chrome based browser, Vivaldi, and I'd guess it will not show up on their list either, or be available in the Chrome Web Store for it.

Google 'bad'....1PASSWORD 'good'

I love google. I have absolutely no reason/s not to trust fully. I've used google for as long as I have had the internet and google has all of my information and passwords. I have never had an issue with google's safety or password compromise issues.
I really do not understand how or why some people don't appreciate it.
I haven't checked out this "password checkup" app as of yet because I wanted to make sure I had plenty of time to sit down and work with it. I have planned to do that this weekend.
Do I use the same password everywhere ? No, however I do have the same password/s used on more than one site and still no issues.
So Friday is here and Saturday I sit down with google, a thumb drive and a notepad and do the work.
I don't really see the necessity for doing this and haven't in the past, but I know it's just a matter of time, so I'll do the cautious thing.

By the way. IMHO those who have been compromised are usually the same ones who do not practice safe internet and are also the ones who keep getting viruses from questionable websites.

@Fred - People who have had passwords stolen as a result of a data breach had no control over it.

goog cannot be trusted ! you are kidding in thinking so, right? you can't read? blaming victims of data breaches for the fallout is rude or ignorant.. take your pick...

I just read someone mentioning safe internet practices. Is that just like safe sex?

"By the way. IMHO those who have been compromised are usually the same ones who do not practice safe internet and are also the ones who keep getting viruses from questionable websites."

@Fred - You are correct about most people do not protect themselves properly. However, what Bob is talking about and Google's program is all about ... going to websites that have been compromised. This is a big difference than not protecting oneself.

A Data Breach is when a Website or Company have been Hacked and Data was taken from their Databases. This Data can be passwords, email addresses, financial information, Identity Theft and many, many other pieces of Data.

For example - I have had my Visa Debit Card changed 3 different times ... Due to Visa's Database being hacked into ... I was not the cause of Database Hacking ... I was a victim of a company that doesn't keep their own security safe and sound.

This has been happening for a couple of decades now. It is a major problem and it is called a "Cyber Crime." As technology grows, becoming more and more complex ... So does Hacking!

As for Google's Password Checkup ... This is an Extension/program showing which Websites are compromised. I am going to try it out, just for interest sake. Remember, this is to look and see if the Website is compromised ... Not by you, but the Website itself.

Another great heads-up - thanks Bob. I have downloaded the Chrome PW Checkup and will see how it goes. I use ONE password for accounts of little consequence and DIFFERENT passwords for other accounts. Lastpass stores my passwords very well, generates new ones for me, and also works with my Yubikey. A total key solution would be wonderful. If my ONE password gets knocked off, I just change it progressively. I also have a throw-away email account for dubious signups etc. If compromised, I can give it the flick.

and then Chrome and Google have access to all your passwords. And google is so trustworthy!

EDITOR'S NOTE: Can you provide an example of Google breaching the privacy of an individual?

I clicked the link and learned that one account had been compromised. However, the alleged breach occurred in 2012 and I had changed the password sometime after 2012. I also do not know which site was breached. And therefore I do not know if it is worth changing my password. You don't want to punish a faithful dog just because somebody says he told somebody your email, and it is not clear which password you were using at the time. My latest password is strong and easy for me to remember. I would hate to have to change it without good cause.
That spammers have my email address is obvious. I get a lot of mail from presumed young ladies eager to have sex with me who include attachments that presumably are revealing graphics. I delete them unopened (the emails, not the young ladies).

So you give away your password to someone that will "check" if it is safe? Really how stupid are people, you NEVER give away your password to anyone!

EDITOR'S NOTE: That's not what is happening here...

Troy Hunt's Have I Been Pwned site is the source behind the Google Extension. You can go direct to HIBP or to Firefox Monitor for checking email address hacks and signing up for notifications of future hacks. Also, Troy Hunt with the help of Cloudflare make the PasswordPwned List that Google is linked to. You can use the PPL site or you can follow a link to download the 550 million known passwords that have been "collected" (stolen in data breaches)and published on the Dark Web.
Google is not evil, but very thorough at collecting whatever private data you don't opt out of.

Any email address that is in the HIBP site gives you clues as to when and where the account was breached. When in doubt change the password...
Unfortunately, really good secure passwords that have been harvested and added to the 550 million list are no longer safe to use.
Use a password manager like Lastpass(free and most popular)or1Password inexpensive and also popular.

Try the GRC/Haystack page to experiment with constructing passwords and seeing instantly why character length and character depth are important.

There seems to be confusion in this article between the password I use to access my own email account and the password I use to register with a site using my email address as username.
Would you be so foolish as to use the same password for both?
I have received the odd blackmail email claiming that my email password has been hacked, but I know it is not true; even when the hacker seemed able to send me an email that purported to come from ... me!