One of the biggest risks associated with being hacked is not finding out that you’ve been hacked. Sure, a hacker could perform a ‘one-time’ attack, get access to your personal information and perhaps steal some of your money or clone your identity, but the value of doing so might be minimal compared to the value of being able to get into your accounts any time they like for years on end. They could watch your whole life. They would know where you’re going on vacation, who you’re speaking to on social media, where you bank, and how much you earn. They could be waiting for the perfect moment to capitalize on all of that data, and they might even be watching you right now.
We know the tone of that opening paragraph is alarmist, but we meant it to be. The fact of the matter is that even now, when all the risks of going online with weak passwords and poor protection are known, people still don’t take basic precautions when it comes to internet security. In our hearts, all of us know that we should change our passwords regularly to keep intruders away from our valuable data. Very few of us actually bother to change those passwords often enough. Almost a third of us never change our passwords at all, and that’s a huge problem. If you’ve been on the internet for a long time and you use the same password for multiple websites and accounts (which is in itself a bad idea), then there’s a strong chance that password has been compromised by now. You just aren’t aware that it’s happened.
Passwords don’t always get compromised because of something you’ve done wrong. They get compromised because a website you use has been hacked, and the private information held on its servers has been accessed and dumped elsewhere on the internet. That information sometimes includes user names, email addresses, and passwords. A website that you only used once or haven’t used in ten years might have been compromised this way, and you’d have no way of knowing that it’s happened. If you’re still using the same email address and password now as you were back then, every single one of your accounts could be in danger. There is some good news in all this, though, and that’s the fact that Google has your back.
Technically speaking, Google’s password checkup feature isn’t new. It launched in 2019, and users have been able to ‘opt-in’ to using it for some time. Some of you will have been using it for several months, and may already have benefited from its features. If you have, you’ll already know how the process works. When you save a password into Google Chrome, it will automatically check that password against a list of all known compromised passwords and account details. Should it find a match, a pop up appears warning you that your details are not secure and that you should alter your password immediately. It does this for every password you store with Google, and constantly updates its lists of what stolen information has appeared where. So long as you trust Google to store all of your passwords – which we suppose also counts as a small risk – it will check the security of your passwords every time you log in to any website or account.
Some of you who don’t remember opting into this service in the past might recently have noticed warning messages popping up for the first time. That’s because Google is no longer making its password checker optional. It’s been ‘promoted’ to become part of the ‘Security Checkup’ dashboard, and so it now runs automatically. If you choose to store passwords on Google Chrome, it will check the integrity and safety of them automatically unless you turn the service off. We have no idea why you’d want to do that. This is the next step in a process of evolution that Google helps will one day allow them to email you directly the moment they become aware that one of your passwords has been compromised. Right now, the service is reactive. One day, it might become proactive.
You shouldn’t need us to tell you why it’s a good idea to change a compromised password, but here’s a metaphor that might help you to understand. Some people don’t believe they’re vulnerable to hackers because they’re not a ‘big enough target’ compared to a celebrity or a business. That’s not how hackers work. To them, hacking is like playing Pariplay online slots. Their equivalent of spinning the reels is attempting a username and password combination, and if they don’t hit the jackpot, they’ll spin again exactly the same way as a player does with a game on an online slots website, and with just as little thought. There’s no ‘personal’ element involved in most hacking any more than an online slots player has a personal involvement in the game they’re playing; all they want is the money that might come from it. A hacker doesn’t care if you’re a billionaire or you’re broke – they want to access your systems just because they can, and if they find anything valuable in there, that’s a bonus. They’re never going to stop trying, and so using old passwords is like holding a door open for them. When you find out that a password is compromised, you need to ditch it immediately on every single website you use it on.
The majority of people understand the importance of having strong and varied passwords, but there will always be a proportion of internet users who are less savvy about security online. Google’s decision to make the password checkup tool more prominent is an attempt to drag those users into the future, and if it makes the world wide web a safer place, then it ought to be applauded. If reading this article has made you paranoid about your own security provisions, it might be time to open Chrome yourself and allow the tool to check your passwords for you. Finding out that other people may potentially have access to the data you care about is scary, but it’s only scary until you’ve been through the review and made sure all your ‘doors’ are shut and locked!