If you've signed up for or logged into any accounts in Chrome lately, you might have noticed something new: a pop-up warning you about the security of your passwords. While another nag is the last thing you need in your life, don't ignore this one. It can help you keep unwelcome visitors from breaking into your accounts.
It's fair to say password security remains in a poor state. People too often use passwords that are too easy to guess or crack through brute force, or use same passwords across dozens of accounts, or don't do enough to keep their passwords out of the hands of hackers. Or, more commonly, all of the above.
Through Chrome and Android, Google has offered to keep track of your passwords for a while now; you can see any that it might have linked to your Google account by signing in here. In recent months, it's also been offering to suggest strong passwords for new accounts, and now it'll check your existing passwords too, which is what's prompting those pop-ups.
If you haven't seen one yet but still want to get your Google-powered password audit, head here in your web browser and click Check passwords. It'll let you know if it sees three problems in three categories: passwords you've used more than once, passwords that have appeared in data breaches leaked online, and passwords that aren't strong enough.
A strong password is one that's difficult for a human or computer to guess or force. It'll be lengthy, for a start, with characters into the double figures. It should also include a combination of uppercase and lowercase letters, numbers, and special characters—having a password with multiple types of characters makes it more difficult to crack.
As for duplicate passwords, they may be easier for you to remember, but it means that if a password for one account becomes compromised, hackers can run through numerous other accounts of yours as well.
Then there are the passwords that have been exposed publicly, appearing in data breaches. If this has happened to one of your passwords, it's likely that someone's going to be trying to force access sooner rather than later. It's perhaps the most serious of the problems that Google looks for, more so than duplicate or weak passwords.
If password issues are detected, you might have a lot of fixing to do. Chrome shows a list of all the issues it's found, split into categories, which can run into the hundreds if you've got a lot of accounts set up.
To try and help out, Google provides links, where it can, to pages and apps where you can make changes to your login credentials. You can even use Chrome's password suggestions, if you want; you won't have to remember these weird combinations of characters, because Google remembers them for you.
If you're don't see password suggestions in Chrome when you create new accounts or try to change your passwords, make sure you're running the latest version. Pick Help and About Google Chrome from the menu. You'll also need sync turned on, so the passwords are saved to your Google account; you can do this via the top option on the main Chrome Settings page.
With that done, suggestions should appear automatically next to fields prompting you for a password: just click Use suggested password to take Chrome's recommendation, and then confirm you want the password saved, if a prompt appears.
Safari on macOS does this too, by the way: It automatically offers to save usernames and passwords for you, and you can see the list that it's amassed by choosing Safari then Preferences and Passwords.
If you see a yellow exclamation marks next to any on the list, that means Safari thinks the password is too weak, or it's a duplicate password you're using for another account. (For now, Safari doesn't check your passwords against data breaches.) To change a password, click the link Safari gives you when you hover over the exclamation mark.
Like Chrome, Safari suggests strong passwords when you're signing up for a new account. Click the little key icon that appears on the right of the new password field, then choose Suggest New Password. As with Chrome, it will save the password for you.
Browser-based password management has improved in important ways over the last few years. And whatever drawbacks they still have are arguably outweighed by the convenience that may encourage you to finally clear up your password hygiene.
Keep your logins locked down with our favorite apps for PC, Mac, Android, iPhone, and web browsers.
For even more peace of mind, though, if Google gives you a failing password grade, you should strongly consider a dedicated password manager like Dashlane, LastPass, and 1Password. They offer even more features: secure storage of credit card and other details, real-time alerts if your password gets exposed, support for two-factor authentication, and more. Password managers are also browser neutral. If you skip between Chrome and Safari, and Android and iOS, a dedicated password manager can go with you and keep everything synced across all the devices you're using.
Meanwhile, now you know why Chrome is warning you about your passwords, and what you can do about it. It's worth spending a little time to fix any password problems that are detected. You'll be glad you did if it keeps your key accounts safe.