Skip to main content

Google ‘Password Checkup’ leak detection will soon be built into Chrome

Earlier this year, Google created “Password Checkup,” a tool that checks if any of your passwords have been revealed in an online data breach, as an extension for desktop Chrome. In the near future, the leak detection part of Password Checkup will become a default feature of Google Chrome instead of an optional extension.

For years, services like Have I Been Pwned have offered insight into whether or not your password has ever been compromised in a data breach. Google took things a step further by offering the Password Checkup extension that automatically checks your password’s safety when logging in to various web services.

However, there are two key flaws with developing it as a browser extension. The first is that it’s still an opt-in feature, meaning you have to actively seek out password security, which many are not willing to do or even know they need to do. The second and more glaring omission is that — unlike other mobile browsers — Chrome for Android does not support extensions.

Google Password Checkup Chrome extension

Fortunately, according to the Chromium Bug Tracker, Google is looking to change things by integrating Password Checkup’s leak detection directly into Chrome. While the design documents are currently private, there are enough code changes available to piece together how it should work.

Just like the extension, Chrome will send an encrypted version of your username to the Password Checkup service, and the service will respond with an encrypted version of matching leaked usernames and passwords. This is used by your device to perform a check verifying whether or not that password has been compromised, without sharing that information with Google.

For those who, for whatever reason, do not want Google checking the safety of your passwords, it will also be possible to disable these Password Checkup features. Primarily, this is being done for the sake of enterprise customers, but the setting will likely also be available for the rest of us.

Building Password Checkup into Chrome also gives it access to the passwords synced to your Google Account. As these are passwords that you already trust Google with, Password Checkup is able to use Google’s servers to do a much faster check to see if any of them have been compromised.

Google currently has the bug for building Password Checkup into Chrome tagged to be completed for Chrome 78, which is due to release in late October. That being the case, we should see the integration arrive in Chrome Canary and Dev builds in the near future.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Google — experts who break news about Google and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Google on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Check out 9to5Google on YouTube for more news:



Avatar for Kyle Bradshaw Kyle Bradshaw

Kyle is an author and researcher for 9to5Google, with special interests in Made by Google products, Fuchsia, and Stadia.

Got a tip or want to chat? Twitter or Email.

Kyle Bradshaw's favorite gear