The Industry’s Only SaaS-Delivered Enterprise DLP

Our unique approach to DLP allows for quick deployment and on-demand scalability, while providing full data visibility and no-compromise protection.

No-Compromise Data Protection is:

  • Cloud-Delivered
  • Cross Platform
  • Flexible Controls
DATAINSIDER

Digital Guardian's Blog

Chrome, Firefox Introduce New Password Security Features

by Chris Brook on Wednesday May 20, 2020

Contact Us
Free Demo
Chat

The line between browsers and password managers keeps blurring. Firefox and Chrome recently incorporated new ways for users to tell if passwords they’re using are compromised.

With no shortage of attacks aimed at gaining access to users' accounts these days - credential stuffing, brute force attacks, exploiting lax password reuse, web browsers have done an admirable job keeping pace, giving users new ways to know whether they’re already compromised.

Two of the most popular browsers, Mozilla Firefox and Google Chrome, have rolled out new features over the last several weeks designed to let users know whether they should change their password for a service.

Mozilla in particular pushed out a new version of Lockwise, its password management tool, earlier this month.

The update gives users a better way to generate, manage, and protect logins. If you share a computer with a friend or family member, Firefox will ask for the device's password if you're attempting to copy a password from your passwords page. If a user's password has been used on another account that was compromised in a data breach, Lockwise will alert the user and encourage them to change it. If Firefox confirms a site has been breached, the service prompts users with a warning, in a large, dark red block, urging them to change their password.

For the privacy conscious, it’s important to note the service uses an encrypted list of breached passwords and checks it against all saved passwords. It learns about breached websites following Firefox Monitor’s integration with Have I Been Pwned, a database maintained by Troy Hunt that keeps track of breached websites and compromised passwords.

The line between browsers and password managers keeps blurring – something that in theory should make us more secure.

To that point, Lockwise will also generate and autofill passwords, with a minimum of 12 random letters, numbers and symbols, if users can’t come up with their own.

Not to be outdone, Google pushed out a new version of Chrome today with a similar functionality.

With a feature the browser calls "safety check," Chrome is letting users know if any passwords they ask the browser to remember are compromised and how to fix them. The feature also checks to see if users are running the most recent version of the browser, if any harmful extensions are downloaded, and if they're running safe browsing – Google’s 13-year-old service that sniffs out malicious or phishing website.

Google also rolled out a handful of other upgrades, most notably something its called Enhanced Safe Browsing and Secure DNS. The former checks whether pages and downloads you encounter are dangerous - then builds on that data to provide protections specific to each user. Google cautions that Safe Browsing anonymizes this data after a short while so it won’t be connected to your account for long.

The latter feature, Secure DNS, upgrades users to DNS-over-HTTPS - either through their current service provider or one of their choosing, in order to better protect privacy online.

In a blog entry on Tuesday, Kenji Baheux, Chrome's Product Manager said the feature took two years of “gathering test data, listening to feedback, and addressing some misconceptions” to make.

Tags: Web Security

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.