Google has released a Chrome extension called Password Checkup. Its role is to check passwords, both those stored in the password manager and those you enter manually, to ensure that they are not associated with hacked accounts. It operates through a Google database that stores data from more than 4 billion compromised accounts, allowing it to detect whether the identifiers you use are in this database. If so, it alerts you. If you’re not comfortable with your account credentials going through a third party, Google wants to reassure you: Password Checkup uses a combination of anonymization and cryptography to protect the exchange, with a technique called “blinding,” which creates a secret search index. The identifiers are anonymized with an Argon2 hash function to create a search key, and encrypted through elliptic-curve cryptography.
⇨ Chrome Web Store, “Password Checkup.”
⇨ Ars Technica, “Google releases Chrome extension that alerts users of breached passwords.”