Google Password audits all your passwords to reveal weak, reused or compromised passwords
Google Password, an online service that stores passwords of user accounts, may now audit all stored passwords to reveal weak, reused or compromised passwords to the account owner.
The company announced the new feature on October 2, 2019 on the official Safety & Security blog alongside other privacy improvements to various Google-owned services and products.
Passwords get synchronized between Chrome installations using the online password manager if the user signs-in to Google Chrome and enables sync functionality in the browser.
The new password auditing functionality is already available. Here is how you start an audit of your saved passwords using the Google Password manager:
- Load https://myaccount.google.com/security in your browser of choice. If you are not signed-in to a Google account you are asked to do so. The page that opens is the Security management page of the account.
- Scroll down on the page until you get to the "signing in to other sites" section at the bottom of the page. Select the "Password Manager" option there.
- The page that opens lists all saved passwords and a "password checkup" option at the top. Select the "check passwords" link underneath it.
- The next page reveals what the tool does (checks the security of stored passwords). Activate the "check passwords" button on the page.
- You are asked to enter the account password again. Click on Next once you have done so.
- Google analyzes the passwords and groups passwords into compromised, reused and weak lists on the results page.
Green indicates that no issue has been found, other colors indicate issues that need your attention. The screenshot above shows that two weak passwords were identified by Google.
A click on the down arrow next to the entry displays the accounts and an option to change the password for each of the accounts. You may click on the menu icon next to an entry to display options to view the password, update the saved password, or delete it.
The change password links opens the linked URL; you have to figure out how to change the password on the site manually at that point.
Google may not recognize that the password changed if you don't use Chrome; you need to use the manual update password option in that case to get it to update.
Chrome password management improvements
Google published a Password Checkup extension for the company's Chrome browser in February 2019 designed to inform users about password related issues.
The tool checks passwords when they are used against a database of leaked (and thus potentially compromised) passwords. Users are informed if passwords that they use are found in the database and encouraged to change these.
In August 2019, Google announced that it would integrate the password checker directly in the Chrome web browser.
Google is not the only browser maker that is improving password management and security capabilities. Mozilla launched Firefox Monitor in 2018 as a way to receive alerts about breaches and has plans to update the built-in password manager as well.
Now You: how do you manage passwords and keep an eye on them?Advertisement