HomeWinBuzzer NewsGoogle Says Many Users are Logging in With Compromised Passwords

Google Says Many Users are Logging in With Compromised Passwords

Google says large numbers of users are using passwords that have previously been breached, although its Password Checkup extension is helping.


Passwords are becoming archaic in terms of business-fronted operations, but within consumer services such as email clients that are still a first line of defense. A new study shows that users are still not changing their passwords even when they are told the account the password is used for has been compromised.

According to Google data, users are using credentials that have previously been compromised. The company studied password login behavior from 670,000 users who used the company's Password Checkup Chrome extension. Those users logged into websites using the tool a total of 21 million times.

If you're unfamiliar with Password Checkup extension, it allows users to see if their credentials have been breached previously. To check the data, Google leverages a password database showing past breaches.

When a user signs into a website when using Password Checkup, the tool will check the username and password against 4 billion from the database to see if it has been compromised.

In its study, Google shows 1.5% of those 21 billion logins were using passwords that have previously been compromised. That totals 316,531 users who are using passwords that have previously been breached.

Furthermore, the company says this number would likely be higher if people had not downloaded Password Checkup.

New Features

Google also announced two new features for Password Checkup:

“Today, we are also releasing two new features for the Password Checkup extension. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box. The second gives users even more control over their data.

It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage.”

Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News