Wednesday, December 11, 2019

Google expands password and phishing protection features in Chrome 79

I have a dozen electronic devices that I use for different purposes.
And a dozen different locations, wires, and wifi to go online.
Helps avoid tracking and hacking just to keep activities separate.
This is tricky, but easy to remember use x device at y location using z wires or wifi.

Most work can be done offline or with no electronics at all.
Even if I go online I avoid setting up accounts online.
Especially accounts that require frequent logins.

I try to bank and shop and mail stuff in person.
But for some activities such as banking and shopping I still need a login.

Google is the best on the internet.
Google makes more money by stopping hacks, jailing hackers, thieves, foreign criminals and stopping you from getting hacked and robbed.
Any money lost to overseas criminals is less money in USA business and consumers.

Google Chromebook the safest way to go online,
 fastest, 
cheapest,
and all I use for important logins.

Google email Gmail is the best 
(Apple devices are better in some ways so I still mainly use Apple mail on the big iMac)

Now Chromebook and Chrome getting safer.
Clever system:

Google expands password and phishing protection features in Chrome 79. 
https://google.com/newsstand/s/CBIw-tCB3kM

Google launched the Password Checkup Chrome extension. 

This extension warned you when any of your usernames or passwords showed up in a data breach. 

In October, 
Google integrated this Password Checkup into the Google Account, 
making it accessible from passwords.google.com. 

Now, Chrome 79 is integrating this feature. 
It can be controlled in the "Sync and Google Services" section of Chrome's Settings.

Here's how it works, according to Google:

• Google maintains a database consisting of hashed copies of usernames and passwords exposed in data breaches. 

The data is encrypted with a secret key known only to Google.

• If you sign in to any website, Chrome sends a hashed copy of your entered username and password to Google. 

The data is encrypted with a secret key known only to Chrome, so no one – including Google – can derive your username or password.

• Google uses a technique called private set intersection with blinding 
to compare your hashed and encrypted username and password against their database
 – all without revealing any information about your or any other user's login information.

• Only the user is notified if their username and password are compromised.

Real-time phishing protection

Google's Safe Browsing service warns users if they're visiting an unsafe website 
by checking a partial URL fingerprint 
(the first 32-bits of a SHA-256 hash) 
against a local blocklist updated every 30 minutes. 

Google never sees the full URL of the site you visit this way, 
and for the most part, 
they're able to keep up with the thousands of phishing websites on the web.

 However, some phishing sites switch domains very quickly or hide from Google's web crawlers, resulting in them slipping under Safe Browsing's 30-minute refresh window.

In response, 
Google is enabling real-time phishing protection in Chrome 79. 
Now, Chrome will anonymously check the URL of websites you visit that aren't on its safe-list 
(a local list of thousands of popular websites known to be safe). 

Google says this new real-time phishing protection has resulted in a 30% increase in protection 
as users are now warned about newly discovered malicious sites 
that previously slipped under Safe Browsing's 30-minute refresh window. 
This feature can be controlled by the user with the 
"Make searches and browsing better" setting.

Back in 2017, Google launched predictive phishing predictions 
to warn users if they enter their Google Account password into suspected phishing sites.
 Until now, this protection was only enabled for users who turned on sync in Chrome. 

Now, this protection is expanding to work for everyone signed in to Chrome – with or without sync enabled. 
Furthermore, this feature now works with all passwords stored in Chrome's password manager – not just your Google Account password.

Visual update to Chrome profiles

If you have multiple Google Accounts signed in to Chrome, 
you'll see a new visual representation of the profile you're currently using. 

The profile menu itself has also received a new look. 
Both of these UI changes were done for the sake of ensuring you know you're saving your passwords to the right profile.

Many of these new features were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product engineers in Munich. 

These newly announced features will be rolled out gradually with the latest Chrome release.



No comments:

Post a Comment