Google explains the mechanism of “ password protection function '' strengthened with Chrome 79


Google explains the mechanism of “ password protection function '' strengthened with Chrome 79

December 11, 2019, web browser “Google Chrome"ofVersion 79.0.3945.79Has been released. Google said, “Version 79We will gradually strengthen password protection functions”And explains the mechanism of the password protection function.

Better password protections in Chrome

Google Online Security Blog: Better password protections in Chrome-How it works

The password protection function that was enhanced with Chrome 79 is the same as “Password Checkup” that was released as an official extension in February 2019. Previously it was necessary to download and install Password Checkup, but Chrome 79 has built-in Password Checkup functionality by default.

Release “ Password Checkup '' that will check whether the password used by Google on the Internet is not dangerous due to data breach-GIGAZINE

Google explains that the "strengthened password protection mechanism" is divided into the following four steps.


User name and password leaked from another company are collected, and "User name & password encrypted data" and "User name & password are generated fromhash"" On the Google database. Only Google has the key to decrypt this encryption.


When you log in to your Google account with Chrome, the encrypted data and hash of the user name and password are sent to Google after hiding the data from which account.


"(PDF file)Private set intersection with blinding”Is used to compare the leaked data with the encrypted data sent from Chrome while keeping the sender information hidden.


A final check is made locally to see if the leaked data contains your username and password. If the user name and password are found to be leaked as a result of the check, the notification “Please change your password” is displayed on Chrome.

This enhanced version of password protection is available in Chrome settingsSync and Google servicesWill be implemented gradually as part of the Safe Browsing feature that can be set from

Google also announced a feature called "Real-time phishing protection" that protects Chrome passwords even when account synchronization is not enabled. The safe browsing function previously implemented in Chrome downloads a “blacklist” of dangerous URLs such as malware created by Google and security companies every 30 minutes. It was to compare the input URL.

However, because the local blacklist is updated every 30 minutes, some phishing sites have bypassed the local blacklist using techniques such as switching domains quickly.

“Real-time phishing protection” compares URLs entered in Chrome with a list of “URLs you already know to be safe”, such as prominent websites stored in your Chrome. If the URL you are trying to access is not on the list, Chrome will check Google against the blacklist to assess the safety of that URL. According to Google, “Real-time phishing protection” increases the probability of protecting users from malicious sites by 30%. Real-time phishing protection is enabled when “Improving search and browsing” in “Sync and Google services” in Chrome settings is turned on, and finally it will be applied to all users.

In addition, if you ’re signed in to Chrome 79, a feature called “Predictive Phishing Protection” is now enabled. If you enter the password stored in Chrome into a site other than "URL already known to be safe", Chrome will check the URL against Google and check if it is a malicious site. If it is determined that the site is highly suspicious or malicious, Chrome will promptly prompt you to change your password.

Google says, “Predictive phishing protection will help protect hundreds of millions more data.”

Copy the title and URL of this article

Source link

Do you like this article??

Show More

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button