You may not realize it, but passwords are the single biggest threat to your online security – they’re easy to steal, they’re hard to remember, and managing them is tedious. Many people believe that a password should be as long and complicated as possible – but in many cases, this can actually increase the security risk. Complicated passwords tempt users into using them for more than one account; in fact, 66% of Americans admit to using the same password across multiple sites, which makes all those accounts vulnerable if any one falls.
In 2020, searches for “how strong is my password” increased by 300%. Unfortunately, even the strongest passwords can be compromised and used by an attacker – that’s why we invested in security controls that prevent you from using weak or compromised passwords.
At Google, keeping you safe online is our top priority, so we continuously invest in new tools and features to keep your personal information safe, including your passwords.
On World Password Day, we’re sharing how we are already making password management easier and safer, and we’re providing a sneak peek at how our continued innovation is creating a future where one day you won’t need a password at all.
Keeping your Google sign in safer
One of the best ways to protect your account from a breached or bad password is by having a second form of verification in place – another way for your account to confirm it is really you logging in. Google has been doing this for years, ensuring that your Google Account is protected by multiple layers of verification.
Today we ask people who have enrolled in two-step verification (2SV) to confirm it’s really them with a simple tap via a Google prompt on their phone whenever they sign in. Soon we’ll start automatically enrolling users in 2SV if their accounts are appropriately configured. (You can check the status of your account in our Security Checkup). Using their mobile device to sign in gives people a safer and more secure authentication experience than passwords alone.
We are also building advanced security technologies into devices to make this multi-factor authentication seamless and even more secure than a password. For example, we’ve built our security keys directly into Android devices, and launched our Google Smart Lock app for iOS, so now people can use their phones as their secondary form of authentication.
Keeping your passwords safer everywhere
For as long as passwords remain a part of your digital life, through the apps you use and the websites you access, we will continue to innovate and develop new products and technologies that make managing them easy, and most importantly secure by default.
Our Password Manager, built directly into Chrome, Android and now iOS, uses the latest security technology to protect your passwords across all the sites and apps you use. It makes it easier to create and use complex and unique passwords, without the need to remember or repeat them. Every time you go to a site or sign in to an app while logged into your Google Account, Password Manager can automatically populate your secure password. Password Manager is also integrated into our single-click Google Security Checkup — which tells you if any of your passwords have been compromised, if you are reusing passwords across different sites, and the strength of your passwords. We also automatically inform you if your password has been compromised, so you can make a quick and easy change to keep your information safe.
We’ve recently launched our new Password Import feature which allows people to easily upload up to 1,000 passwords at a time from various third party sites into our Password Manager (for free). By taking this step you can ensure that all of your passwords are protected by our advanced security and privacy technology.
Features like Password Import, Password Manager and Security Checkup — combined with authentication products like Sign-in with Google — reduce the spread of weak credentials. All are examples of how we're working to make your online experience safer and easier—not just on Google, but across the web.
One day, we hope stolen passwords will be a thing of the past, because passwords will be a thing of the past, but until then Google will continue to keep you and your passwords safe. Visit our Safety Center to learn all the ways we’re making every day safer online.
NOTE: The automatic 2SV enrollment will not impact organizations on Google Workspace. Organizations on Google Workspace will continue to have the choice of enrolling their users in 2SV via the admin console.