Google has a tool designed to securely analyze your passwords against a database of ones that are known to be compromised and breached. Password Checkup is available as an extension or a web service. Here’s how to use it.
Check Your Passwords with the Extension
If you don’t use a third-party password manager or don’t use strong and secure passwords, the Password Checkup extension by Google helps you know if a password you use for non-Google websites has been exposed.
Whenever you sign-in to an account, the extension checks the password against a database of known breaches—hashing both and comparing the results. If the password you use is among the list of known breaches, it alerts you and suggests you reset your password.
Fire up Chrome and head on over to the Chrome web store for the Password Checkup extension. Once there, click “Add To Chrome” to start the download.
Read the extension’s permissions and then click “Add Extension” to add it to your browser.
After the extension installs, the icon will appear in the toolbar or the Chrome menu. Clicking on it will show how many passwords were analyzed in the past week.
Additionally, there’s a Chrome flag you can enable, which does essentially the same thing. The difference is that the entire process takes place in the background, only alerting you if it notices a breached password.
You can enable the flag by copying the following address and pasting it into Chrome’s Omnibox:
Choose “Enabled” from the dropdown box and then click the “Relaunch” to restart the browser.
Check All Your Stored Passwords with Password Checkup Online
If you use the Password Checkup extension but want to be able to check all the passwords you have saved in Chrome’s password manager, Google has a website dedicated to exactly that. Instead, use the same checkup tool to analyze all the passwords you’ve already entered and synced to your Google account at the same time.
Fire up your browser, head on over to the Google Password Manager’s website, and then click the “Check Passwords” button.
If you use a passphrase to encrypt passwords in your Google account, you won’t be able to use this feature unless you remove the current passphrase.
Next, click “Check Passwords” to get started.
To confirm it’s you, enter your Google account password and then click “Next” to continue.
After the check has completed, the page will display if it found any compromised, reused, or weak passwords below.
If Password Checkup found any conflicts with your stored passwords, a warning will appear next to the area that needs addressing. Click on the down arrow next to the alert and then click on “Change Password” to be redirected to the account management page for that account.
After you change your account’s password, you’re good to go. If you use the same password for any other accounts that aren’t synced in your Google account, reset those passwords as well.