Cyber criminals continue to have access to millions of Google Chrome users’ online login details, security research from Silicon Valley giant Google suggests. Google rolled-out its Password Checkup extension to its Chrome web browser in February. Password Checkup displays a warning whenever you sign in to a site using one of over four billion usernames and passwords considered unsafe following a third-party data breach.
Since its launch more than 650,000 people have signed up and Google’s Password Checkup scanned 21 million usernames and passwords in the first month alone.
The app flagged more than 316,000 as unsafe, approximately 1.5 percent of sign ins scanned by the extension.
That implies millions of Google users’ details remain at risk, even if this figure is a conservative estimate across all of Chrome’s five billion installations.
Hackers constantly attempt to sign in to sites across the web via information exposed by a third-party breach, Google says.
The tech giant discovered dangerous login details were routinely used online for highly-sensitive financial, government, and email accounts.
READ MORE: Google’s next flagship could have three advantages over the Galaxy S10
This risk was particularly high on sites relating to shopping sites, where users may save credit card details.
Users are 2.5 times more likely to reuse vulnerable passwords on popular web sites putting themselves at significant risk of being hacked.
Using unique, long and unguessable passwords across all online accounts can help to alleviate this risk, experts advise.
A Google spokesperson wrote in a statement: “Since our launch, over 650,000 people have participated in our early experiment.
“In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe -1.5 per cent of sign-ins scanned by the extension.”
Google’s research indicates users choose to reset 26 percent of the unsafe passwords flagged by the Password Checkup extension.
READ MORE: ‘Irritating glitch’ hits some Windows 10 users
And 60 percent of new passwords are now secure against guessing attacks.
This means it would take any would-be hacker a hundred million guesses before cracking the new password.
Google has also released two updates to its Password Checkup extension.
The first update is a direct feedback mechanism where users can inform Google about any issues experienced via a comment box.
The second update allows Google users to opt-out of the anonymous data reported by the extension.
The data ranges from the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage.
How to change or reset your Google password:
You can change your password for security reasons or reset it if you forget it.
Your Google Account password is used to access many Google products, like Gmail and YouTube.
Start by opening your Google Account. You might need to sign in.
Then under Security, select Signing in to Google.
Choose Password. You might need to sign in again. Enter your new password, then select Change Password.