People who use devices running Android 9 or newer will be alerted if their login credentials have been stolen
Google is extending its Password Checkup feature to Android in a bid to help people make their online accounts more secure. Originally introduced as an extension for the Google Chrome web browser two years ago, the tool was later integrated into Chrome for desktop before making its way into the browser’s versions for Android and iOS.
The feature will now work with Android apps through “Autofill with Google”, which can be enabled through the device’s settings. “Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been compromised,” reads Google’s blog post announcing the release.
For added security, if a user is alerted to a compromised password, the prompt can navigate them to the Password Manager page, which will allow them to complete a comprehensive review of all their passwords. Password Checkup will be available for all devices running Android 9 or above.
Google assured users that their security and privacy is at the forefront when it comes to handling their sensitive data. “Autofill with Google is built on the Android autofill framework which enforces strict privacy & security invariants that ensure that we have access to the user’s credentials only in the following two cases: 1) the user has already saved said credential to their Google account; 2) the user was offered to save a new credential by the Android OS and chose to save it to their account,” said Google.
The company also gave assurances that the usernames and passwords are hashed and encrypted and that nobody, including the company itself, is able to derive the username or password from the encrypted copy. For example, the process of determining whether the user’s credentials were breached or not takes place locally on their smartphone.
Beyond Password Checkup, users can rely on other security features that Autofill with Google offers, such as password generation and biometric authentication. The former is aimed at users who’d like to avoid common pitfalls of password creation such as recycling the same password over and over again; meanwhile, the latter adds an extra layer of security by requiring biometric authentication anytime a user fills in their credentials or payment information.
Says ESET security specialist Jake Moore about the new feature: “This password checkup tool is crucial in its simplicity, and when integrated with a password manager that offers a password generator tool, users will get even better protection.”
Here’s hoping Password Checkup will be a nudge in the right direction for many Android users, including those who log into their favorite online services with strings such as “123456”, “password” or other poor choices that regularly appear on the lists of the most common passwords.