Google has now set up a tool called Password Checkup for users to check up on the security of account credentials in Chrome and this guide is designed to show how to accomplish just that. The tool in question is essentially a check to determine whether passwords have been found in any breaches of a site or service. In that sense, it works almost identically to the Chrome browser extension Google offers under the same branding.
The primary difference is that Password Checkup checks every password stored in an account linked to Chrome. The extension only checks passwords for pages that are visited. Those are pages that have fields ordinarily filled in by Autofill features. So this can be much more extensive.
Google's new Password checker also checks for duplicate passwords and for passwords that might be easy to guess.
Prerequisites to use Google Password Checkup
Now, to use Password Checkup in Chrome, users will need to ensure that sync encryption is not active. That's a process in-and-of-itself that's been covered elsewhere. Google appears to be replacing that with new, user-friendlier, user-controlled options such as Password Checkup. The tool is just easier to use, alongside others Google has introduced.
Once that's been deactivated, the Password Checkup is an automatic tool, just as the extension version was. Because it only scans passwords automatically, however, users will need to check the status of those manually.
Ordinarily, sites and accounts will notify users of larger breaches, so that's not necessarily an issue. Because that isn't always the case, Password Checkup is designed to give users a way to manually check for more individualized breaches. The process is far less tedious than some other settings in Chrome, though. So it's relatively easy to accomplish.
Check your passwords
The first step in checking passwords is simply to navigate to a website Google has set up that houses those. So users will need to enter the "passwords.google.com" URL in the address bar and then hit enter. That can also be accessed from a signed-in mobile device.
Google greets users with a welcome message that outlines the purpose of the page and at the top of the page, there's a card that reads "Password Checkup."
A link is present on that page, labeled "Check passwords."
That opens a new tab for and a brief description of Password Checkup. Clicking the button will start the process but will require verification. So users will want their log-in credentials and, if two-factor authentication is set up, a device nearby to verify the login.
Once logged in, Google displays a new page with three separate sections. The first details whether there are any compromised passwords and what those are. There are options to change the passwords too.
The following sections showcase a duplicate password checker and a weak password checker. As the first title implies, the former section presents users with any accounts stored in Google that have the same password.
Keeping the same password across multiple accounts is generally a bad idea. It allows bad actors to gain access to one account and then use the password to log into other accounts.
The second section highlights passwords that are easy for a bad actor or algorithm to guess. Tapping on either will expand the category in question.
In each case, users are presented with the option to change highlighted passwords. Within the card's three-dot menu, they can also update the password stored in Google if that's been saved elsewhere. Conversely, the final option lets users delete the stored password from their Google account.