Password Checkup on Android

Password Checkup. © Google.

Google is following in Apple’s footsteps by offering, as of the iOS 14, a feature able to detect if the passwords stored on your telephone are too weak or have been involved in leaks. This feature will be implemented in the Android 9 and later versions through the Autofill framework. Each time you use or save identifying information in an application, Android will warn you if your password is on the list of breached credentials on Google’s servers. The warning message invites you to go to your password manager to check all your saved passwords. Google promises that the whole process is fully secure. Google’s servers do not have access to the unencrypted hash of the user’s password and the client (User) does not have access to the list of unencrypted hashes of potentially breached credentials. In this regard, it works just like the Chrome password manager. Also, Autofill can provide secure passwords to keep users from re-using the same password across accounts, which is the worst security faux pas you can make. Finally, you can demand biometric authentication every time your identifying or payment credentials auto-populate with Autofill.

⇨ Ars Technica, Dan Goodin, “Android users now have an easy way to check the security of their passwords.”

2021-02-24