Google adds Password Checkup to Android

Make sure you have Google Autofill turned on to enable this feature.

Credit: Google

Google said Tuesday that it’s ensuring that password security straddles both your phone, your PC, and your Chromebook. The company is bringing Password Checkup, a feature it introduced to Chrome in 2019, to Android.

Password Checkup simply ensures that a password you either pick or are currently using hasn’t been exposed in a password breach. Every year or so password files at major sites are breached and leaked to the web. Knowing if your password has been stolen and compromised is a significant part of maintaining your online security.

More stories
The best password managers
Why your browser’s password manager isn’t good enough
5 alarming facts in honor of World Password Day

Google is bringing Password Checkup to Android versions 9 and later, via what it calls Autofill for Google. “Whenever you fill or save credentials into an app, we’ll check those credentials against a list of known compromised credentials and alert you if your password has been compromised,” Arvind Kumar Sugumar, a software engineer with the Android team, wrote in a blog post announcing the move. 

That popup alert, shown in the image above, will also bring you to the Password Manager page, where you can review your passwords—and, more importantly—check to see if any passwords have been compromised or duplicated. Google, like Microsoft or any number of free password managers, will store your passwords in a secure vault. To let Google select a randomized password for you, you can access the service’s password-creation field, long-press it, and then select “Autofill.”

You’ll need to make sure to have Autofill enabled on your Android device before you can do that. To do so, follow the following instructions.

  1. Open your phone’s Settings app
  2. Tap System > Languages & input > Advanced
  3. Tap Autofill service
  4. Tap Google to make sure the setting is enabled

Your phone will send an encrypted hash of the database to Google, with the first two bytes unencrypted to partition the database. Google said, however, that it will send a list of breached credentials that share the same prefix back to your device. There, your device will privately confirm whether your password has been compromised—Google won’t know anything about it.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Mark Hachman

Mark Hachman

PC World (US online)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?