Published: Mon, August 19, 2019
Electronics | By Kelly Massey

Google research says thousands are using passwords that have been hacked

Google research says thousands are using passwords that have been hacked

Of the 21 million sets of account credentials scanned by Password Checkup, 316,000 - or 1.5 percent - had already been compromised.

One reason why Google came up with the Password Checkup extension is that users still tend to recycle their passwords, even ones which are unsafe and may have been compromised in the past.

Of the almost 667,716 people who installed the extension and participated in the research between February 5, 2019 and March 4, 2019, Google managed to scan 21 million log-in user names and passwords, flagging 316,000 as unsafe.

For those who do not want Google checking for password safety, they are allowed to disable these Password Checkup features from the browser. By alerting users to this breach status, 26% of our warnings resulted in users migrating to a new password. It does not track user credentials and search on a database of over 4 billion username-password pairs known to cybercriminals.

"At present, these services make a variety of tradeoffs spanning user privacy, accuracy, and the risks involved with sharing ostensibly private account details through unauthenticated public channels", the researchers said. Users chose to ignore 81,368 or 25.7% of the breach warnings which could be because they didn't think the account is worth the effort to change the password or it could be that the account is a shared one within a household.

Hickenlooper Expected To End 2020 bid On Thursday
Hickenlooper said in his video Thursday he hasn't decided yet whether he'll challenge Gardner. Hickenlooper launched his presidential campaign five months ago.


In the first month of operation, nearly 670,000 people participated in the service, logging in 21 million times. FIDO2 is claimed to be more secure than using traditional type-password method and is equipped in all Android devices running on version 7.0 or later.

Even better, 60 per cent of new passwords are secure against guessing attacks, they say. They use lists of common, weak passwords such as "password" or "123456", and can also generate likely passwords, such as by adding numerical strings to commonly used words.

Cyber attackers often have wide-scale access to billions of stolen usernames and passwords. But it's okay. You still have time to get a password manager, enable two-factor authentication on your important accounts, and brush up on security hygiene 101.

The defense against credential stuffing is simple: Use a unique password for each and every online account.

Bad habits are hard to break, especially when it comes to reusing a sequence of numbers, letters and symbols in passwords.

Like this: