top-10 Top 10 Best Android Apps & Games.best-android-phones Best Android Phones.Google says this technique, called "private set intersection," means you don't get to see Google's list of bad credentials, and Google doesn't get to learn your credentials, but the two can be compared for matches. On your local computer, Password Checkup removes the only key it is able to decrypt, your private key, leaving your Google-key-encrypted username and password, which can be compared to the Google-key-encrypted database of bad credentials. You then get a copy of your passwords encrypted with two keys-one is your usual private key, and the other is the same key used for Google's bad credentials list. If there's a match, your local computer is sent a database of every potentially matching username and password in the bad credentials list, encrypted with a key from Google. Chrome first sends an encrypted, 3-byte hash of your username to Google, where it is compared to Google's list of compromised usernames. The whole point of this is security, so Google is doing all of this by comparing your encrypted credentials with an encrypted list of compromised credentials. Any time Google hits a match, it notifies you that a specific set of credentials is public and unsafe and that you should probably change the password. Google figures that since it has a big (encrypted) database of all your passwords, it might as well compare them against a 4-billion-strong public list of compromised usernames and passwords that have been exposed in innumerable security breaches over the years.
Ars is owned by WIRED's parent company, Condé Nast.Īll of these Password Checkup features work for people who have their username and password combos saved in Chrome and have them synced to Google's servers. This story originally appeared on Ars Technica, a trusted source for technology news, tech policy analysis, reviews, and more.
0 kommentar(er)
