Google’s Password Checkup feature coming to Android 12


android-12-password-checkout.png
Image: Google

Android 12, the next version of Google’s mobile operating system, scheduled for release next fall, will include the Password Checkup feature that the company first introduced in its Chrome web browser in late 2019, the OS maker announced today.

On Android, the Password Checkup feature will be added to the “Autofill with Google” mechanism, which the OS uses to select text from a cache and fill in forms.

The idea is that the Password Checkup feature will take passwords stored in the Android OS password manager and check them against a database containing billions of records from public data breaches and see if the password has been previously leaked online.

If it has, a warning is shown to the user.

Google says that users have nothing to fear when it comes to this password-checking mechanism, which does not share their credentials in cleartext over the network, and works as follows:

  • Only an encrypted hash of the credential leaves the device (the first two bytes of the hash are sent unencrypted to partition the database)
  • The server returns a list of encrypted hashes of known breached credentials that share the same prefix
  • The actual determination of whether the credential has been breached happens locally on the user’s device
  • The server (Google) does not have access to the unencrypted hash of the user’s password and the client (User) does not have access to the list of unencrypted hashes of potentially breached credentials.

To enable Password Checkup, users should make sure Autofill with Google is enabled once they updated to Android 12 later this year. They can do this by following the steps below:

  1. Open your phone’s Settings app
  2. Tap System > Languages & input > Advanced
  3. Tap Autofill service
  4. Tap Google to make sure the setting is enabled

A similar password-checkup feature is already present in iOS 14 since last summer. Most web browsers also have similar password-breach-checking features for years, such as the ones found in Firefox, Chrome, Safari, and Microsoft Edge.

Source

Next Post

New Password Checkup Feature Coming to Android

Tue Feb 23 , 2021
Posted by Arvind Kumar Sugumar, Software Engineer, Android Team With the proliferation of digital services in our lives, it’s more important than ever to make sure our online information remains safe and secure. Passwords are usually the first line of defense against hackers, and with the number of data breaches […]