Google adds Password Checkup to Android
Make sure you have Google Autofill turned on to enable this feature.
Google has announced it’s ensuring that password security straddles both your phone, your PC and your Chromebook. The company is bringing Password Checkup, a feature it introduced to Chrome in 2019, to Android.
Password Checkup simply ensures that a password you either pick or are currently using hasn’t been exposed in a password breach. Every year or so password files at major sites are breached and leaked to the web. Knowing if your password has been stolen and compromised is a significant part of maintaining your online security.
Google is bringing Password Checkup to Android versions 9 and
later, via what it calls Autofill for Google. “Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been compromised,” Arvind Kumar Sugumar, a software engineer with the Android team, wrote in a blog post announcing the move.
That pop-up alert, shown in the image opposite, will also bring you to the Password Manager page, where you can review your passwords and check to see if any have been compromised or duplicated. Google, like Microsoft or any number of free password managers, will store your passwords in a secure vault. To let Google select a randomized password for you, you can access the service’s password-creation field, longpress it and then select ‘Autofill’.
You’ll need to make sure to have Autofill enabled on your Android device before you can do that. To do so:
1. Open your phone’s Settings app.
2. Tap System > Languages & input > Advanced.
3. Tap Autofill service.
4. Tap Google to make sure the setting is enabled.
Your phone will send an encrypted hash of the database to Google, with the first two bytes unencrypted to partition the database. Google said, however, that it will send a list of breached credentials that share the same prefix back to your device. There, your device will privately confirm whether your password has been compromised – Google won’t know anything about it.