There is a good chance hackers already know your favorite passwords. Now Google has a new free tool to let you know when your login information is exposed.
People who use Google Chrome can download the Password Checkup extension, which will monitor their various website logins. When someone logs in with a username and password that Google knows has been compromised, it triggers a warning that prompts the user to change the password.
Google cross-checks the login credentials against a regularly updated database of more than four billion username and password entries that it has collected from sources such as password dumps. Hackers responsible for data breaches on sites like Yahoo or LinkedIn sometimes post large databases of people's usernames and passwords online. Because many people use the same passwords across sites, bad actors could try to use the information to gain access to other accounts.
The extension, which is only available on Chrome browsers, was designed with cryptography experts at Stanford University and Google. The users' passwords and usernames will be encrypted so Google won't actually be able to see them itself.
Google can already automatically reset people's passwords for Google apps and sites when it determines they may have been exposed. The new feature won't be able to automatically reset passwords for non-Google services, but it is one way to make those accounts more secure.
While the extension is new to Chrome, there are several other similar services available. Password managers like Dashlane and 1Password will monitor logins and inform people when their credentials have been compromised.