Chrome just told me my password for this site was compromised?

Discuss site matters here

Moderators: FishPants, ooRip

Post Reply
User avatar
Redfive
Posts: 1903
Joined: Wed Oct 13, 2004 11:12 am
Location: Back in Texas

Chrome just told me my password for this site was compromised?

Post by Redfive »

I just got a notification about a data breach that affected my credentials at this site and broken forum. Anyone else see this?
Battle.net: red51ve#1673
Elder Scrolls Online - @redfive
User avatar
Anonymous Bosch
Posts: 10501
Joined: Thu Oct 14, 2004 6:09 pm
Location: Northern California [originally from the UK]

Re: Chrome just told me my password for this site was compromised?

Post by Anonymous Bosch »

Unlikely, as it doesn't necessarily imply your username and password were compromised from this site, especially if you use the same username and password elsewhere. Here's how it works:
security.googleblog.com wrote:Warnings about compromised passwords

Google first introduced password breach warnings as a Password Checkup extension early this year. It compares passwords and usernames against over 4 billion credentials that Google knows to have been compromised. You can read more about it here. In October, Google built the Password Checkup feature into the Google Account, making it available from passwords.google.com.

Chrome’s integration is a natural next step to ensure we protect even more users as they browse the web. Here is how it works:
  • Whenever Google discovers a username and password exposed by another company’s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google.
  • When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy.
  • In order to determine if your username and password appears in any breach, we use a technique called private set intersection with blinding that involves multiple layers of encryption. This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other users’ usernames and passwords. In order to make this computation more efficient, Chrome sends a 3-byte SHA256 hash prefix of your username to reduce the scale of the data joined from 4 billion records down to 250 records, while still ensuring your username remains anonymous.
  • Only you discover if your username and password have been compromised. If they have been compromised, Chrome will tell you, and we strongly encourage you to change your password.
"There is only one basic human right, the right to do as you damn well please. And with it comes the only basic human duty, the duty to take the consequences." — P. J. O'Rourke
User avatar
Redfive
Posts: 1903
Joined: Wed Oct 13, 2004 11:12 am
Location: Back in Texas

Re: Chrome just told me my password for this site was compromised?

Post by Redfive »

Okay, thank you. I was / am totally ignorant where this is concerned.
Battle.net: red51ve#1673
Elder Scrolls Online - @redfive
Post Reply