Chrome’s Password Warning: It’s a Feature, Not a Hack

If you are a regular user of Google’s Chrome browser, you may have recently noticed a new warning pop up when logging into a site. 

This is not a sign that the site you’re accessing has been hacked – rather, it’s a new feature in the browser that was incorporated in a December 2019 update.  Google is checking a hashed copy of your login details against a database of compromised data and alerting you that your info has potentially been compromised.  From a recent Google blog post:

“Whenever Google discovers a username and password exposed by another company’s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google… When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy.”

What should you do when you get this alert?  We suggest that you change your password for that site immediately – preferably to something you’ve not used in tandem with that username on any other site.  (And yes, we know this is a pain… but infinitely preferable to trying to retrieve your money or your online reputation after an identity theft incident.)

If you want to be proactive about this, Google offers a tool for checking all your stored passwords at the top of this page: https://passwords.google.com/

Simply click the “check passwords” link, and Google will walk you through checking (and changing) your stored passwords.  (If you have a lot of stored passwords, perhaps you’ll want to fire up a few episodes of some binge-worthy Netflix show before starting this process…)

If you have any questions about this, don’t hesitate to contact your support email!