Protect accounts that have unsafe passwords

If your password for a non-Google website has been exposed, the Password Checkup extension can help let you know. That way, you can change your password for at-risk accounts to help secure them.

Note: If we believe your Google Account password is unsafe, we’ll ask you to change it even if you don’t use the Password Checkup extension.

Get the Password Checkup extension

The Password Checkup extension works when you’re signed in to the Chrome browser on a computer.

  1. On your computer, open Chrome.
  2. Sign in to your Google Account.
  3. Go to the Chrome web store and download the Password Checkup extension.
  4. Follow the steps on your screen.

Turn the Password Checkup extension on or off

Note: Turning the Password Checkup extension off doesn't delete info stored by the extension.

  1. On your computer, open Chrome.
  2. Sign in to your Google Account.
  3. In the top right, click More Moreand then More tools and then Extensions.
  4. In the list of extensions, find "Password Checkup extension."
  5. Turn Password Checkup on or off.

Use the Password Checkup extension

Change unsafe passwords to prevent account hacking

Note: To secure a Google Account that has suspicious activity or that you believe has been hacked, follow these steps.

  1. Sign in to the account with the unsafe password.
  2. Create a strong password for the account and any other accounts that use the same password.
  3. If the site offers another security measure, like 2-Step Verification, consider setting it up.

Ignore unsafe password notifications

It’s best to change an unsafe password. If you don’t want to change your password, you can ignore the notifications:

Info the Password Checkup extension stores

The Password Checkup extension stores:

  • The number of sign-ins that the extension scanned for unsafe passwords. To delete this info, clear your extension data.
  • If the Password Checkup extension finds that a password and username you enter is unsafe, it stores a hashed, partial code for that info in your Chrome browser. This partial code can’t be used to recreate a complete version of your info. To delete this code on your Chrome browser, change your unsafe password or clear your extension data.

Important: The hashed, partial code is used to stop all future notifications about an unsafe password. If you delete this info, you might see notifications about unsafe passwords you chose to ignore.

Clear extension data

You can delete info stored by the Password Checkup extension.

  1. On your computer, open Chrome.
  2. Sign in to your Google Account.
  3. At the top, click Password Checkup extension Password Checkupand then Advanced settings and then Clear extension data.

Turn off anonymous reporting

Anonymous reporting shares info with Google to help improve the Password Checkup extension. This info includes the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved.

  1. On your computer, open Chrome.
  2. Sign in to your Google Account.
  3. At the top, click Password Checkup extension Password Checkupand then Advanced settings and then Opt out of anonymous reporting.

Send feedback

Let us know about your experience with the Password Checkup extension. When you share your feedback, you help Google improve this product for you and other people.

  1. On your computer, open Chrome.
  2. Sign in to your Google Account.
  3. At the top, click Password Checkup extension Password Checkupand then Send feedback.
Was this helpful?
How can we improve it?