Cookie Consent by Free Privacy Policy Generator ๐Ÿ“Œ Better password protections in Chrome - How it works

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security



๐Ÿ“š Better password protections in Chrome - How it works


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: feedproxy.google.com



Today, we announced better password protections in Chrome, gradually rolling out with release M79. Here are the details of how they work.


Warnings about compromised passwords
Google first introduced password breach warnings as a Password Checkup extension early this year. It compares passwords and usernames against over 4 billion credentials that Google knows to have been compromised. You can read more about it here. In October, Google built the Password Checkup feature into the Google Account, making it available from passwords.google.com.

Chromeโ€™s integration is a natural next step to ensure we protect even more users as they browse the web. Here is how it works:

  • Whenever Google discovers a username and password exposed by another companyโ€™s data breach, we store a hashed and encrypted copy of the data on our servers with a secret key known only to Google.
  • When you sign in to a website, Chrome will send a hashed copy of your username and password to Google encrypted with a secret key only known to Chrome. No one, including Google, is able to derive your username or password from this encrypted copy.
  • In order to determine if your username and password appears in any breach, we use a technique called private set intersection with blinding that involves multiple layers of encryption. This allows us to compare your encrypted username and password with all of the encrypted breached usernames and passwords, without revealing your username and password, or revealing any information about any other usersโ€™ usernames and passwords. In order to make this computation more efficient, Chrome sends a 3-byte SHA256 hash prefix of your username to reduce the scale of the data joined from 4 billion records down to 250 records, while still ensuring your username remains anonymous.
  • Only you discover if your username and password have been compromised. If they have been compromised, Chrome will tell you, and we strongly encourage you to change your password.
You can control this feature in the โ€œSync and Google Servicesโ€ section of Chrome Settings. Enterprise admins can control this feature using the Passwordโ€‹Leakโ€‹Detectionโ€‹Enabled policy setting.


Real-time phishing protection: Checking with Safe Browsingโ€™s blocklist in real time.
Chromeโ€™s new real-time phishing protection is also expanding existing technology โ€” in this case itโ€™s Googleโ€™s well-established Safe Browsing.

Every day, Safe Browsing discovers thousands of new unsafe sites and adds them to the blocklists shared with the web industry. Chrome checks the URL of each site you visit or file you download against this local list, which is updated approximately every 30 minutes. If you navigate to a URL that appears on the list, Chrome checks a partial URL fingerprint (the first 32 bits of a SHA-256 hash of the URL) with Google for verification that the URL is indeed dangerous. Google cannot determine the actual URL from this information.

However, weโ€™re noticing that some phishing sites slip through our 30-minute refresh window, either by switching domains very quickly or by hiding from Google's crawlers.

Thatโ€™s where real-time phishing protections come in. These new protections can inspect the URLs of pages visited with Safe Browsingโ€™s servers in real time. When you visit a website, Chrome checks it against a list stored on your computer of thousands of popular websites that are known to be safe. If the website is not on the safe-list, Chrome checks the URL with Google (after dropping any username or password embedded in the URL) to find out if you're visiting a dangerous site. Our analysis has shown that this results in a 30% increase in protections by warning users on malicious sites that are brand new.

We will be initially rolling out this feature for people who have already opted-in to โ€œMake searches and browsing betterโ€ setting in Chrome. Enterprises administrators can manage this setting via the Urlโ€‹Keyedโ€‹Anonymizedโ€‹Dataโ€‹Collectionโ€‹Enabled policy settings.


Expanding predictive phishing protection
Your password is the key to your online identity and data. If this key falls into the hands of attackers, they can easily impersonate you and get access to your data. We launched predictive phishing protections to warn users who are syncing history in Chrome when they enter their Google Account password into suspected phishing sites that try to steal their credentials.

With this latest release, weโ€™re expanding this protection to everyone signed in to Chrome, even if you have not enabled Sync. In addition, this feature will now work for all the passwords you have stored in Chromeโ€™s password manager.

If you type one of your protected passwords (this could be a password you stored in Chromeโ€™s password manager, or the Google Account password you used to sign in to Chrome) into an unusual site, Chrome classifies this as a potentially dangerous event.

In such a scenario, Chrome checks the site against a list on your computer of thousands of popular websites that are known to be safe. If the website is not on the safe-list, Chrome checks the URL with Google (after dropping any username or password embedded in the URL). If this check determines that the site is indeed suspicious or malicious, Chrome will immediately show you a warning and encourage you to change your compromised password. If it was your Google Account password that was phished, Chrome also offers to notify Google so we can add additional protections to ensure your account isn't compromised.

By watching for password reuse, Chrome can give heightened security in critical moments while minimizing the data it shares with Google. We think predictive phishing protection will protect hundreds of millions more people.
...



๐Ÿ“Œ Better password protections in Chrome - How it works


๐Ÿ“ˆ 43.81 Punkte

๐Ÿ“Œ Firefox 76 Released with New Password Protections, Better Picture in Picture Mode


๐Ÿ“ˆ 28.86 Punkte

๐Ÿ“Œ Chrome 86 Brings Password Protections For Android and iOS, VP9 For MacOS Big Sur


๐Ÿ“ˆ 25.43 Punkte

๐Ÿ“Œ New Password Protections (and more!) in Chrome


๐Ÿ“ˆ 25.43 Punkte

๐Ÿ“Œ New Year, new password protections in Chrome


๐Ÿ“ˆ 25.43 Punkte

๐Ÿ“Œ You better watch out, you better not cry. Better not pout, I'm telling you why: SQLite vuln fixes are coming to town


๐Ÿ“ˆ 23.31 Punkte

๐Ÿ“Œ Better Border Protections for Your Electronic Devices - Threat Wire


๐Ÿ“ˆ 22.86 Punkte

๐Ÿ“Œ UK Parliament's human rights committee pushes for better protections of coronavirus contact-tracing data in law


๐Ÿ“ˆ 22.86 Punkte

๐Ÿ“Œ How Google Chromeโ€™s Password Checkup Extension Works


๐Ÿ“ˆ 20.95 Punkte

๐Ÿ“Œ How Google Chromeโ€™s Password Checkup Extension Works


๐Ÿ“ˆ 20.95 Punkte

๐Ÿ“Œ The password hall of shame (and 10 tips for better password security)


๐Ÿ“ˆ 19.78 Punkte

๐Ÿ“Œ Google Improves Chrome Protections Against Use-After-Free Bug Exploitation


๐Ÿ“ˆ 19.43 Punkte

๐Ÿ“Œ New Chrome Protections from Deception


๐Ÿ“ˆ 19.43 Punkte

๐Ÿ“Œ New Chrome Protections from Deception


๐Ÿ“ˆ 19.43 Punkte

๐Ÿ“Œ New protections for Enhanced Safe Browsing users in Chrome


๐Ÿ“ˆ 19.43 Punkte

๐Ÿ“Œ Latest Stable GTK+ Toolkit Works Better on OpenGL ES 2.0, over 20 Bugs Fixed


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Latest Stable GTK+ Toolkit Works Better on OpenGL ES 2.0, over 20 Bugs Fixed


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Will ryzen 17 700 with rx 480 8GB works better than i7 7700 with 1070 on linux?


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ [Self Post] How Unix Works: Become a Better Software Engineer


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ At last I have found an assistant that works for linux. It is not as accurate as google but probably better than cortana.


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Are Remote Workers More Productive Because Asynchronous Communication Just Works Better?


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ AE Works Designing Better Security with BlackFog


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Setting up Django in a Better Way in 5 Minutes and Understanding How It Works


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Shot To Prevent HIV Works Better Than Daily Pill in Women


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Anyone else use Wayland because it works better than X11 on their hardware?


๐Ÿ“ˆ 18.38 Punkte

๐Ÿ“Œ Chrome 69 Arrives With Revamped Design, More Powerful Omnibox, and Better Password Manager


๐Ÿ“ˆ 18.11 Punkte

๐Ÿ“Œ Password managers are great -- until you lose the password to your password manager


๐Ÿ“ˆ 18.01 Punkte

๐Ÿ“Œ Password managers are great -- until you lose your password manager password


๐Ÿ“ˆ 18.01 Punkte











matomo