September 22, 2020

Google report: 1.5% of users still use the leaked credentials to log in to the website

2 min read

In February of this year, Google released the Password Checkup extension for Chrome, which helps you resecure accounts that were affected by data breaches. Wherever you sign-in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert. Please reset your password. If you use the same username and password for any other accounts, please reset your password there as well. This week, Google announced the results of the expansion program one month later, showing that 1.5% of users use the leaked credentials to log in to the website.

According to Google’s statistics, a total of 650,000 Chrome users downloaded the Password Checkup extension and participated in the experiment. “Over 650,000 people have participated in our early experiment. In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe—1.5% of sign-ins scanned by the extension.”

After receiving the reminder of Password Checkup, the user chose to reset the 26% of the password, and 60% of them used a strong password that is difficult to crack.

This week, Google also added two new features to Password Checkup. “The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box. The second gives users even more control over their data. It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage.”