Google password verification feature coming to Android

Image: Google

Android users can now take advantage of the Password analysis a feature that Google first introduced in its Chrome web browser in late 2019, the OS maker announced today.

On Android, the Password Check feature is now part of the “Autofill with Google” tool, which the OS uses to select text from caches and fill out forms.

The idea is that the Password Check feature will remove passwords stored in the Android OS password manager and scan them against a database containing billions of records from public data breaches and see the the password was previously issued online.

If so, the user will be warned.

Google says that users have nothing to fear when it comes to this password checking tool, which does not share their credentials in cleartext across the network, and works as follows:

  • Only an encrypted hash of the credit leaves the device (the first two bytes of the hash are sent unencrypted to separate the database)
  • The server returns a list of encrypted hashes of known broken certificates that share the same prefix
  • The actual verification of whether the certificate is broken occurs locally on the user’s device
  • The server (Google) does not have access to the unencrypted hash of the user’s password and the user (User) does not have access to the list of devices without a limit of possible credentials. broken.

The Checkword Passup feature is being released today for all Android 9+ users. To enable password analysis, users should ensure that Autofill by Google is activated on their devices by following the steps below:

  1. Unlock your phone Circumstances app
  2. Tap on it System > Languages ​​& input > Advanced
  3. Tap on Autofill service
  4. Tap on Google to make sure the setting is enabled

A password-like feature has already been present in iOS 14 since last summer. Most web browsers have had password-like features for years, such as those found in Firefox, Chrome, Safari, and Microsoft Edge.