PassProtect is a free browser extension for Google Chrome that warns you when you are about to create accounts online using insecure passwords or about to sign in to an account using a weak password.
Most online sites and services have pretty lax policies when it comes to passwords that users may select. That's one reason why many Internet users select easy to remember passwords; the downside to this is that these passwords can be "guessed" easily by using brute force attacks or passwords from previous breaches that leaked on the Internet.
While I recommend the use of password managers, KeePass (see also how to improve KeePass security) is my personal favorite, to generate unique strong passwords for any site and service, weak passwords are still widespread on the Internet and it does not appear as if this is going to change anytime soon.
PassProtect is a simple add-on as its core. Whenever you type a password in a sign-up or sign-in form, it is checked automatically against the Have I Been Pwned database using the password's hash (in other words, the selected password is not transmitted to the service, only its hash is).
Have I Been Pwned is a free online service that maintains a database of known breaches and affected accounts. You may use it to check whether accounts associated with your email addresses were leaked or stolen in breaches, and whether a password is in the service's database (meaning it was leaked in the past).
PassProtect displays a warning overlay on the screen when it detects the password in the Have I Been Pwned database. While it is still possible to use the password to create the account or keep on using it for the account to sign in, it is not the best course of action.
If a password is found in the database it is likely that attackers will use it in brute force attacks against sites and accounts on the Internet.
The creators of the extension recommend to change the password immediately or select a different password when creating the account.
PassProtect is a useful extension for Chrome users who don't use a password manager or password generators to create unique strong passwords. It has little use to users who generate unique passwords for accounts, though.
The extension would make a good native addition to browser's in my opinion provided that users get to turn the feature off and that data privacy is a focus.
Now You: How do you pick passwords for accounts?
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.