BADPASSWORDS1234

The world’s biggest database of hacked passwords is now a Chrome extension that checks yours automatically

Try again.
Try again.
Image: EPA/Ritchie B. Tongo
We may earn a commission from links on this page.

Choosing a strong password is an essential move in guarding against hackers. But even if your password checks all the right boxes, you still may be using one that’s been breached—or one that’s been used so often that it’s one of the most common for hackers to try.

That’s more common than you might think. An analysis of 6.8 million passwords hacked from CashCrate in 2016 revealed that 86% of the passwords had already been leaked in previous data breaches. Reusing compromised passwords (or repeating others’ weak ones) is believed to be the cause of more than 75%of corporate cyberattacks, according to the consulting firm Deloitte.

You can check to see if your current passwords have previously been hacked on the website have i been pwned?. Now the cybersecurity firm Okta has built a Chrome browser extension that allows you to automatically check your passwords against the pwned database as you enter credentials onto a website.

If there’s a match, the extension warns you that the password has been compromised. If you’re currently using an old or easy password, that warning is likely to pop up.

Okta is hoping that people install the extension on their own, and developers plug into the tool so that it will also work in the background of popular sites. Here’s an example from Match.com.

Screenshot of Okta’s password protection feature released May 23 and integrated into Match.com