Google is expanding the availability of its Password Checkup tool and is preparing for the end of support for older versions of TLS in Chrome.

If passwords are pirated, reused or insufficiently secured, there is a Password Checkup to warn you, that is the purpose of the Password Checkup tool.

Google launched it earlier this year as a Chrome extension.

The American group has just taken a step further by integrating it into its password manager.

Password Checkup relies on a base of several billion identifier / password pairs known to have filtered.

Several commitments are made regarding security such as:

  • Never report information that identifies a user
  • Avoid any hijacking of the tool, either on the client side or the server side
  • Minimize the footprint of cryptographic protocols that fulfill a comparable role ( PIR , PSI , OT).

The expansion has a little less than a million users and in September, Google says it analyzed 21 million logins and detected 316,000 compromised passwords.

In addition to its integration with the password manager, the tool is accessible on Android devices via the Google application.

Its arrival in Chrome is expected by the end of the year (ongoing experiment on the Canary channel).

TLS: the old ones pushed to the exit

Clarification is provided in parallel as to the end of load taking of TLS 1.0 and 1.1.

Two versions considered obsolete because of faulty encryption algorithms (MD5 and SHA-1).

A first phase is planned for January 2020 with the release of Chrome 79 and an “unsecure” indicator will appear in the address bar.

The blocking will occur beginning in March, with Chrome 81, in the form of an interstitial.

Google invites the transition to TLS 1.2 (specifications released in 2008) or any later version.

They point out that it is already well advanced: less than 1% of connections on chrome pass on TLS 1.0 or 1.1.

Older versions of the protocol may be retained until January 2021 on Chrome enterprise deployments.