Data breaches happen a lot, and Google’s Password Checkup can be a useful tool to inform you that your login information might have been exposed. Now the tool is making the leap from the Chrome browser to Android phones (opens in new tab).
Android users will now find Password Checkup as part of the “Autofill with Google” feature. So when you save time filling in online forms with saved data, Google will also be able to tell you when you need to update your login information.
- Chrome vs Firefox vs Microsoft Edge: Which browser wins?
- These are the best Google Chrome extensions you can install right now
- Plus: Telegram just got one of WhatsApp's best features — here's how to use it
This new iteration of the Password Checkup feature takes the passwords you’ve stored in Android’s own password manager and checks them against a database of publicly known data breaches. If your password has leaked online, you will get a warning telling you it needs to change.
Google has also made it clear that it can be trusted to keep your passwords secure during this process. None of your information is shared in plaintext, and the only thing leaving your phone is a partially encrypted hash.
The first two bytes of that hash are unencrypted so the breach database has something to work with, and it sends back a list of breached credentials that share the same two-byte prefix. Google is then able to check your credentials against known leaked information, and it warns you if it finds any matches.
That last part of the process happens locally so none of your passwords or other unencrypted information ever leaves your phone. Naturally, you won’t have access to any unencrypted information from the breach database either.
Password Checkup is already rolling out to Android phones running Android 9 or above, although you will need to turn on Autofill to actually make use of it.
Go to Setting > System> Languages & input > Advanced > Auto-fill service. Click the Settings gear icon next to Google, and Android will take you through the motions of setting everything up.
Next time you log into a service with a dodgy password, Google will warn you about it. But that’s about all it can do, and changing that password is completely up to you.
If you've been using the same passwords for everything, you’re going to have to remember to change them all. Google can also help you with that, but it's often better to use a stand-alone password manager. Just remember to pick something unique for each one, ok?