Google announced this morning that starting this week, Chrome for Android will be able to safely cross reference passwords you have saved in the browser against a list of known compromised credentials. The point being to notify you to change those bad passwords, but also, Google says it makes that changing process easier, too.
According to its announcement, Google goes the extra step of taking you to a service’s change password form, allowing you to quickly manage the compromised credentials. The whole process takes place via a “special form of encryption,” the same as Google’s previously announced Password Checkup extension for Chrome on desktop.
To check whether you have any compromised passwords, Chrome sends a copy of your usernames and passwords to Google using a special form of encryption. This lets Google check them against lists of credentials known to be compromised, but Google cannot derive your username or password from this encrypted copy.
We notify you when you have compromised passwords on websites, but it can be time-consuming to go find the relevant form to change your password. To help, we’re adding support for “.well-known/change-password” URLs that let Chrome take users directly to the right “change password” form after they’ve been alerted that their password has been compromised.
Google also announced that it’s bringing Safety Check to mobile users. In the next Chrome release, this feature tells you if Safe Browsing is enabled and whether the version of Chrome you are running is updated with the latest security protections.
Lots of good stuff for Chrome users.