Android users can now take advantage of the Password Checkup feature that Google first introduced in its Chrome web browser in late 2019, the OS maker announced today.
Best password managers for business in 2020: 1Password, Keeper, LastPass, and more
Everyone needs a password manager. It’s the only way to maintain unique, hard-to-guess credentials for every secure site you and your team access daily.
On Android, the Password Checkup feature is now part of the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms.
The idea is that the Password Checkup feature will take passwords stored in the Android OS password manager and check them against a database containing billions of records from public data breaches and see if the password has been previously leaked online.
If it has, a warning is shown to the user.
Google says that users have nothing to fear when it comes to this password-checking mechanism, which does not share their credentials in cleartext over the network, and works as follows:
- Only an encrypted hash of the credential leaves the device (the first two bytes of the hash are sent unencrypted to partition the database)
- The server returns a list of encrypted hashes of known breached credentials that share the same prefix
- The actual determination of whether the credential has been breached happens locally on the user’s device
- The server (Google) does not have access to the unencrypted hash of the user’s password and the client (User) does not have access to the list of unencrypted hashes of potentially breached credentials.
The Password Checkup feature is rolling out today for all Android 9+ users. To enable Password Checkup, users should make sure Autofill with Google is activated on their devices by following the steps below:
- Open your phone’sSettingsapp
- TapSystemLanguages & inputAdvanced
- Tap Autofill service
- Tap Google to make sure the setting is enabled
A similar password-checkup feature isalready present in iOS 14 since last summer. Most web browsers also have similar password-breach-checking features for years, such as the ones found in Firefox, Chrome, Safari, and Microsoft Edge.
- 30,000 Macs infected with new Silver Sparrow malware
- Cyber security 101: Protect your privacy from hackers, spies, and the government
- The best antivirus software and apps
- The best VPNs for business and home use
- The best security keys for two-factor authentication
- Phishing tricks crooks use to make you open malware email attachments (ZDNet YouTube)