The heart of tech

This article was published on May 23, 2018


PassProtect warns Chrome users when their username or passwords get pwned

PassProtect warns Chrome users when their username or passwords get pwned
Matthew Hughes
Story by

Matthew Hughes

Former TNW Reporter

Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twi Matthew Hughes is a journalist from Liverpool, England. His interests include security, startups, food, and storytelling. Follow him on Twitter.

Data breaches happen all the time. When they do, it’s invariably bad, with countless people ensnared. The MySpace breach, for example, impacted nearly 360 million. LinkedIn impacted 165 million more. One tool helping to mitigate the aftermath is Okta’s new Chrome plugin, PassProtect.

As you type your username and password in real-time, it checks it against Troy Hunt‘s Have I Been Pwned (HIBP) and sees if it’s been found in a recent breach.

If you’re using a risky password, it’ll let you know, so you can instead choose something more secure. Here’s how it looks:

The tool itself uses k-anonymity techniques to ensure that your password isn’t transmitted across the Internet while the plugin checks it against the HIBP API.

You can download PassProtect for Chrome from today. Developers will be glad to know that Okta has released a version as a JavaScript library, should you wish to integrate it into your website.