PassProtect warns you about insecure passwords

PassProtect is a free browser extension for Google Chrome that warns you when you are about to create accounts online using insecure passwords or about to sign in to an account using a weak password.

Most online sites and services have pretty lax policies when it comes to passwords that users may select. That's one reason why many Internet users select easy to remember passwords; the downside to this is that these passwords can be "guessed" easily by using brute force attacks or passwords from previous breaches that leaked on the Internet.

While I recommend the use of password managers, KeePass (see also how to improve KeePass security) is my personal favorite, to generate unique strong passwords for any site and service, weak passwords are still widespread on the Internet and it does not appear as if this is going to change anytime soon.

PassProtect

PassProtect is a simple add-on as its core. Whenever you type a password in a sign-up or sign-in form, it is checked automatically against the Have I Been Pwned database using the password's hash (in other words, the selected password is not transmitted to the service, only its hash is).

Have I Been Pwned is a free online service that maintains a database of known breaches and affected accounts. You may use it to check whether accounts associated with your email addresses were leaked or stolen in breaches, and whether a password is in the service's database (meaning it was leaked in the past).

PassProtect displays a warning overlay on the screen when it detects the password in the Have I Been Pwned database. While it is still possible to use the password to create the account or keep on using it for the account to sign in, it is not the best course of action.

If a password is found in the database it is likely that attackers will use it in brute force attacks against sites and accounts on the Internet.

The creators of the extension recommend to change the password immediately or select a different password when creating the account.

Mozilla revealed recently that it considers adding breach warnings to Firefox. KeePass users may use the plugin KeePassHIBP to check passwords against the Have I Been Pwned database.

Closing Words

PassProtect is a useful extension for Chrome users who don't use  a password manager or password generators to create unique strong passwords. It has little use to users who generate unique passwords for accounts, though.

The extension would make a good native addition to browser's in my opinion provided that users get to turn the feature off and that data privacy is a focus.

Now You: How do you pick passwords for accounts?