Millions of people may need to change their login details, Google says
Published: Saturday, 17 August, 2019 at 8:32 PM
Cyber criminals may have access to millions of people’s online login details, security research from Google suggests.
The search giant introduced the Password Checkup extension to its Chrome web browser in February this year.
It displays a warning whenever you sign in to a site using one of over four billion usernames and passwords known to be unsafe due to a third-party data breach.
Since its launch, over 650,000 people have signed up and, in the first month alone, the service scanned 21 million usernames and passwords.
During this first month, the Password Checkup app flagged over 316,000 as unsafe - 1.5 per cent of sign-ins scanned by the extension.
That suggests millions of people's details are at risk, even if this figure is only a conservative indication of the trend across all of Chrome's five billion installations.
Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach, Google says.
Google found that unsafe login details were used online for some of the most sensitive financial, government, and email accounts.
This risk was even more prevalent on shopping sites (where users may save credit card details), news sites and entertainment sites.
Outside the most popular web sites, users are 2.5 times more likely to reuse vulnerable passwords - putting their account at risk of hijacking.
Using strong, unique passwords for all your accounts can help to mitigate this risk, experts advise.
'Since our launch, over 650,000 people have participated in our early experiment,' Google said in a written statement.
'In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe - 1.5 per cent of sign-ins scanned by the extension.'
Google's research suggests that users choose to reset 26 per cent of the unsafe passwords flagged by the Password Checkup extension.
Even better, 60 per cent of new passwords are secure against guessing attacks, they say.
That means it would take an attacker over a hundred million guesses before identifying the new password.
Google has also released two updates to its Password Checkup extension.
The first is a direct feedback mechanism where users can tell the company about issues they are facing via a comment box.
The second lets users opt out of the anonymous telemetry that the extension reports.
That includes the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage.
HOW CAN I CHOOSE A SECURE PASSWORD?
According to internet security provider Norton, 'the shorter and less complex your password is, the quicker it can be for the program to come up with the correct combination of characters.
The longer and more complex your password is, the less likely the attacker will use the brute force method, because of the lengthy amount of time it will take for the program to figure it out.
'Instead, they'll use a method called a dictionary attack, where the program will cycle through a predefined list of common words that are used in passwords.'
Here are some steps to follow when creating a new password:
Do:
Use a combination of numbers, symbols, uppercase and lowercase letters
Ensure that the password is at least eight characters long
Use abbreviated phrases for passwords
Change your passwords regularly
Log out of websites and devices after you have finished using them
Don't:
Choose a commonly used password like '123456', 'password', 'qwerty' or '111111'
Use a solitary word. Hackers can use dictionary-based systems to crack passwords
Use a derivative of your name, family member's name, pet's name, phone number, address or birthday
Write your password down, share it or let anyone else use your login details
Answer 'yes' when asked to save your password to a computer browser