Google already checks your passwords to see if they’ve been compromised on your PC’s Chrome browser. Now your Android phone will add the same Password Checker feature.

Google said Tuesday that its ensuring that password security straddles both your phone, your PC, and your Chromebook. The company is bringing Password Checkup, a feature it introduced to Chrome in 2019, to Android.
Password Checkup simply ensures that a password you either pick or are currently using hasnt been exposed in a password breach. Every year or so password files at major sites are breached and leaked to the web. Knowing if your password has been stolen and compromised is a significant part of maintaining your online security.
More stories
The best password managers
Why your browsers password manager isnt good enough
5 alarming facts in honor of World Password Day
Google is bringing Password Checkup to Android versions 9 and later, via what it calls Autofill for Google. Whenever you fill or save credentials into an app, well check those credentials against a list of known compromised credentials and alert you if your password has been compromised, Arvind Kumar Sugumar, a software engineer with the Android team, wrote in a blog post announcing the move. 
That popup alert, shown in the image above, will also bring you to the Password Manager page, where you can review your passwordsand, more importantlycheck to see if any passwords have been compromised or duplicated. Google, like Microsoft or any number of free password managers, will store your passwords in a secure vault. To let Google select a randomized password for you, you can access the services password-creation field, long-press it, and then select Autofill.
Youll need to make sure to have Autofill enabled on your Android device before you can do that. To do so, follow the following instructions.

  1. Open your phones Settings app
  2. Tap System > Languages & input > Advanced
  3. Tap Autofill service
  4. Tap Google to make sure the setting is enabled

Your phone will send an encrypted hash of the database to Google, with the first two bytes unencrypted to partition the database. Google said, however, that it will send a list of breached credentials that share the same prefix back to your device. There, your device will privately confirm whether your password has been compromisedGoogle wont know anything about it.
Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.