PassProtect warns you about insecure passwords

Martin Brinkmann
May 28, 2018
Google Chrome, Google Chrome extensions
|
1

PassProtect is a free browser extension for Google Chrome that warns you when you are about to create accounts online using insecure passwords or about to sign in to an account using a weak password.

Most online sites and services have pretty lax policies when it comes to passwords that users may select. That's one reason why many Internet users select easy to remember passwords; the downside to this is that these passwords can be "guessed" easily by using brute force attacks or passwords from previous breaches that leaked on the Internet.

While I recommend the use of password managers, KeePass (see also how to improve KeePass security) is my personal favorite, to generate unique strong passwords for any site and service, weak passwords are still widespread on the Internet and it does not appear as if this is going to change anytime soon.

PassProtect

PassProtect is a simple add-on as its core. Whenever you type a password in a sign-up or sign-in form, it is checked automatically against the Have I Been Pwned database using the password's hash (in other words, the selected password is not transmitted to the service, only its hash is).

Have I Been Pwned is a free online service that maintains a database of known breaches and affected accounts. You may use it to check whether accounts associated with your email addresses were leaked or stolen in breaches, and whether a password is in the service's database (meaning it was leaked in the past).

PassProtect displays a warning overlay on the screen when it detects the password in the Have I Been Pwned database. While it is still possible to use the password to create the account or keep on using it for the account to sign in, it is not the best course of action.

If a password is found in the database it is likely that attackers will use it in brute force attacks against sites and accounts on the Internet.

The creators of the extension recommend to change the password immediately or select a different password when creating the account.

Mozilla revealed recently that it considers adding breach warnings to Firefox. KeePass users may use the plugin KeePassHIBP to check passwords against the Have I Been Pwned database.

Closing Words

PassProtect is a useful extension for Chrome users who don't use  a password manager or password generators to create unique strong passwords. It has little use to users who generate unique passwords for accounts, though.

The extension would make a good native addition to browser's in my opinion provided that users get to turn the feature off and that data privacy is a focus.

Now You: How do you pick passwords for accounts?

Summary
Author Rating
no rating based on 0 votes
Software Name
PassProtect
Software Category
Browser
Landing Page
Advertisement

Previous Post: «
Next Post: «

Comments

  1. owl said on June 3, 2018 at 9:18 am
    Reply

    lthough derail from the question “How do you pick passwords for accounts?”,
    I installed it on Chromium based Vivaldi (1.15.1147.42 Stable channel 64-bit).
    It registered to the extensions panel, but it does not appear in the URL bar and does not work.
    On the other hand, it worked properly on Chromium based Iridium browser (2018.4.66.0 – x64).

    I posted an issue to the developer through GitHub
    “Thanks, I’ll look into this! Not familiar with those tools.”
    He replied.

    As Author’s Martin mentioned
    GitHub had Topic of “We are struggling for compatibility with Firefox, incomplete at the moment”.
    https://github.com/OktaSecurityLabs/passprotect-js/issues/1
    Once completed, it will be posted on the Firefox add-on site.
    I am looking forward to its realization (compatible with Firefox).

    By the way, on the subject
    I am using Password Manager “KeePass Password Safe 2.39.1”.
    By making use of the password generation option, it create the only password with as complicated structure as possible.
    All passwords are managed by “KeePass Password Safe”.
    This “KeePass Password Safe” is strictly managed in Local.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.