Users opted to ignore 81,368—or 25.7 percent—of the breach warnings presented to users, the study found. The researchers surmised this could be due to the fact that users were confused by the warning and reset process, didn’t think a reset was worth their time, or weren’t fully in charge of the impacted account (the impacted account was a shared household account). The study also found that while users often remember to change passwords for major sites, they’re two and a half times more likely to reuse vulnerable passwords everywhere else, opening them to account hijacking threats. A previous Google study found that 15 percent of internet users have had their email or social media accounts hijacked by a third party.
How to live without Google
This latest study found that the risk of hijacking was highest for video streaming and porn websites, where between 3.6–6.3 percent of logins relied on breached credentials. That number was much lower for financial and government sites, where only 0.2–0.3 percent of logins involved compromised login information, Google found.
Google says it’s hopeful that secure, centralized, and democratized access to password breach alerts can help nudge otherwise oblivious internet users to updating their credentials.In concert with the study, Google says it’s releasing two new features for the Password Checkup extension, including the ability for users to submit comments should they run into any issues with the tool, as well as the ability to opt-out of telemetry data the extension collects, including the number of alerts a user receives and whether it prompted a password change.
Google also says it’s working on ways to bring the same technology to Google products. “People hear about breaches all the time (unfortunately) and I imagine they feel a bit helpless because they don't even know if they've been affected; hopefully this is a way to reassure them,” a company representative told Motherboard.