Given that it’s not at all uncommon to use your email account to register on different websites and services, it’s a good idea to regularly use services such as Haveibeenpwned. These services help you figure out if any of the sites you’re subscribed to have been breached, which could compromise your passwords. Google has taken the matter into their hands by allowing you to check if your passwords saved through Chrome have been compromised, which is relatively common considering that not a week passes without encountering a new problem.
Google already had an official extension for Chrome that was able to immediately detect if a password had been compromised whenever you typed it in a web field. However, they’ve made things even easier for us. Now, you can check all your saved passwords using your account’s web settings panel.
- Using your Android: look for the Google app on your smartphone, tap on your avatar and choose the Manage your Google Account option.
- Using your browser: enter passwords.google.com and type your login credentials.
Enter your Google Account’s options panel. Then, look for the Security tab or the Protect Account option. You can take a look at different security reviews using this submenu. For example, the two-step verification activation, access third-party apps through social logins or what you’re actually looking for: password checkup. Access this last section.
Once inside, choose the Check passwords option. You’ll probably be asked to perform an additional security verification to verify that it’s you accessing it. If it’s your smartphone, you’ll be asked for the phone’s unlocking code, either your fingerprint, pattern or PIN. Once that’s done, you can check out the report, which can show you three possible sections:
- Compromised passwords: This is the worst-case scenario. It doesn’t mean that your accounts have been accessed without your consent. What it actually means is that they’ve been found in one or more of the many stolen passwords lists found on the deep web because you’ve used these passwords on a website with a security breach. What is certain is that you must change them as soon as possible to avoid future issues.
- Reused passwords: This is not a problem in itself, but we recommend that you don’t use the same password for all the services you register for. If you don’t use an external password generator, you can always use the one Google offers.
- Unsafe password: Little to add. A short password can result in someone accessing your account using simple social engineering or brute force. Therefore, it’s best to use one with words not found in a dictionary, unrelated to your personal life and, if possible, mix numbers with upper and lower case letters.