Legions of people use awful, easily guessable passwords. Much worse, many people reuse passwords across multiple sites and services. That means that if one site leaks your info, hackers can potentially gain access to any of your other accounts that use the same login information.
Google wants to stop that from happening. On Wednesday, the search giant launched Password Checkup, a new service that scans all of the passwords you’ve saved in Chrome against lists of known leaks to see if your data’s been compromised.
The feature builds on top of the password manager Google built into Chrome late last year.
Here’s how it works. Head over to passwords.google.com and you’ll see Password Checkup at the top of the page. Clicking the “Check Passwords” link prompts you to sign into your Google Account again to verify your identity, After you do so, Google will scan your passwords, then generate a report that identifies reused passwords, compromised passwords, and weak passwords. Sifting through the list also serves as a helpful reminder of any throwaway accounts you may have created for various websites (and should probably delete).
The best overall password manager
Chrome offers to change your flagged passwords using its built-in password manager, but we’d recommend picking up a dedicated password manager for fuller-featured protection that isn’t tied to Google’s browser alone. Check out our guide to the best password managers for top picks and what to look for.
Right now, you need to manually visit your Google passwords page and run Password Checkup for it to run. By comparison, Troy Hunt’s superb Have I Been Pwned service offers automatic email notifications whenever your credentials show up in breaches. But Password Checkup will get more powerful in the coming months: “Later this year, we’ll build Password Checkup technology directly into Chrome for everyone—so you get real time protection as you type your password without needing to install a separate extension,” Google says.
Bottom line: This is excellent. Reusing passwords, especially weak passwords, is one of the biggest security risks on the Internet. Google leveraging Chrome to bring it to people’s attention before your accounts get hacked is nothing but a good thing.