Skip to main content
The Keyword

Better password protections in Chrome

Article's hero media

Many of us have encountered malware, heard of data breaches, or even been a victim of phishing, where a site tries to scam you into entering your passwords and other sensitive information. With all this considered, data security has become a top concern for many people worldwide. Chrome has safety protections built in, and now we're expanding those protections further. 

Chrome warns when your password has been stolen

When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app. It will suggest that you change them everywhere they were used.

A dialog box with the headline "Check your passwords" is open on a mobile phone. The copy in the dialog box says "A data breach on a site or app exposed your password. Chrome recommends checking your saved passwords now." The box has an option to select "check passwords" or to close the box.

If your credentials were compromised, we recommend to change them immediately.

Google first introduced this technology early this year as the Password Checkup extension. In October it became a part of the Password Checkup in your Google Account, where you can conduct a scan of your saved passwords anytime. And now it has evolved to offer warnings as you browse the web in Chrome. 

You can control it in Chrome Settings under Sync and Google Services. For now, we’re gradually rolling this out for everyone signed in to Chrome as a part of our Safe Browsing protections.

Phishing protection in real time

Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

A graph shows the frequency of both malware sites and phishing sites that have been detected between January 2008 and January 2018. The average occurrence of malware sites has remained relatively stable over time. The occurrence of phishing sites has increased rapidly since January 2018

Safe Browsing list has been capturing an increasing number of phishing sites.

However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases. Initially we will roll out this protection to everyone with the “Make searches and browsing better” setting enabled in Chrome. 

Expanding predictive phishing protections

If you're signed in to Chrome and have Sync enabled, predictive phishing protection warns you if you enter your Google Account password into a site that we suspect of phishing. This protection has been in place since 2017, and today we’re expanding the feature further.

Now we'll be protecting your Google Account password when you sign in to Chrome, even if Sync is not enabled. In addition, this feature will now work for all the passwords you store in Chrome’s password manager. Hundreds of millions more users will now benefit from the new warnings.

A browser window has a pop-up opened. The popup windows has the headline "Your password may be compromised" and the copy "Chrome can help you protect your Google Account and change your password. This will notify Google about this site." The pop-up has the options to select "Protect account" or "Ignore""

Chrome will show this warning when a user enters their Google Account password into a phishing page.

Sharing your device? Now it’s easier to tell whose Chrome profile you’re using 

We realize that many people share their computers or use multiple profiles. To make sure you always know which profile you’re currently using—for example, when creating and saving passwords with Chrome’s password manager—we’ve improved the way your profile is featured.

On desktop, you’ll see a new visual representation of the profile you’re currently using, so you can be sure you are saving your passwords to the right profile. This is a visual update and won’t change your current Sync settings. We’ve also updated the look of the profile menu itself: it now allows for easier switching and clearly shows if you are signed in to Chrome or not.

A portion of a browser window shows a small circle with a photo of a person. When a mouse click on the photo, the circle expands to show the name "Elisa" next to the photo.

The new sign-in indicator.

From Munich with love

Many of these technologies were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product experts and engineers based in Munich, which opened last May. GSEC is home to the engineering teams who build many of the safety features into the Chrome browser. We’ll continue to invest in our teams worldwide to deliver the safest personal browser experience to everyone, and we look forward to bringing more new features to strengthen the privacy and security of Chrome in 2020. 

All these features will be rolled out gradually over the next few weeks. Interested in how they work? You can learn more on Google Security blog.

Let’s stay in touch. Get the latest news from Google in your inbox.

Subscribe