It’s been two years since the release of the Password Checkup extension for Google Chrome, and the benefits for the users have been well-documented. Now, Google wants to bring the automated breach alert tool to Android so that users of mobile devices can stay safe and secure without having to do much themselves.
So, from now on, whenever Android users fill or save their credentials into an app through the "Autofill with Google" function, the Checkup will perform a check against a list of known compromised credentials. If there’s a breach, the user will receive an alert urging them to change the password.
To activate the Autofill service, open the Settings app, navigate to System > Languages & input > Advanced, select Autofill, and then tap Google. The Checkup will become available soon for all users who are on Android 9 and above, but it can only work when the “Autofill with Google” system is enabled.
Google addresses any concerns about privacy by explaining that the exchange of the information between the device and its credential-checking database is done in a fully encrypted way. The credentials leave the device in the form of an encrypted hash, while the server returns a list of encrypted hashes for the breached credentials that share the same prefix. The check and determination on whether the password has leaked or not takes place entirely on the user’s device, so it’s a localized function that doesn’t involve Google.
In addition to the above, Google will also add a password-generation system on Android so that users may generate strong and unique passwords automatically. Autofill will store these passwords and offer them when needed, so the user won’t have to remember them.
To help users have more confidence in Autofill, Google allows the addition of biometric authentication as an extra layer of protection that can be coupled with Autofill. This way, the process of logging in will remain quick and comfortable for the user, even though an extra step is added.
While this is admittedly a positive addition, it’s nothing new in the Android world. The Play Store hosts several reliable and strong password management solutions with generation functions, biometric 2FA support, and even “live” credential breach notifications. Thus, if for any reason you don’t want to trust Google’s Checkup, you may want to consider other available options that have better multi-platform integration.