Better password protections in Chrome

Many of us have encountered malware, heard of data breaches, or even been a victim of phishing, where a site tries to scam you into entering your passwords and other sensitive information. With all this considered, data security has become a top concern for many people worldwide. Chrome has safety protections built in, and now we're expanding those protections further. 

Chrome warns when your password has been stolen

When you type your credentials into a website, Chrome will now warn you if your username and password have been compromised in a data breach on some site or app. It will suggest that you change them everywhere they were used.

Google first introduced this technology early this year as the Password Checkup extension. In October it became a part of the Password Checkup in your Google Account, where you can conduct a scan of your saved passwords anytime. And now it has evolved to offer warnings as you browse the web in Chrome. 

You can control it in Chrome Settings under Sync and Google Services. For now, we’re gradually rolling this out for everyone signed in to Chrome as a part of our Safe Browsing protections.

Phishing protection in real time

Google’s Safe Browsing maintains an ever-growing list of unsafe sites on the web and shares this information with webmasters, or other browsers, to make the web more secure. The list refreshes every 30 minutes, protecting 4 billion devices every day against all kinds of security threats, including phishing.

However, some phishing sites slip through that 30-minute window, either by quickly switching domains or by hiding from our crawlers. Chrome now offers real-time phishing protections on desktop, which warn you when visiting malicious sites in 30 percent more cases. Initially we will roll out this protection to everyone with the “Make searches and browsing better” setting enabled in Chrome. 

Expanding predictive phishing protections

If you're signed in to Chrome and have Sync enabled, predictive phishing protection warns you if you enter your Google Account password into a site that we suspect of phishing. This protection has been in place since 2017, and today we’re expanding the feature further.

Now we'll be protecting your Google Account password when you sign in to Chrome, even if Sync is not enabled. In addition, this feature will now work for all the passwords you store in Chrome’s password manager. Hundreds of millions more users will now benefit from the new warnings.

Sharing your device? Now it’s easier to tell whose Chrome profile you’re using 

We realize that many people share their computers or use multiple profiles. To make sure you always know which profile you’re currently using—for example, when creating and saving passwords with Chrome’s password manager—we’ve improved the way your profile is featured.

On desktop, you’ll see a new visual representation of the profile you’re currently using, so you can be sure you are saving your passwords to the right profile. This is a visual update and won’t change your current Sync settings. We’ve also updated the look of the profile menu itself: it now allows for easier switching and clearly shows if you are signed in to Chrome or not.

From Munich with love

Many of these technologies were developed at the Google Safety Engineering Center (GSEC), a hub of privacy and security product experts and engineers based in Munich, which opened last May. GSEC is home to the engineering teams who build many of the safety features into the Chrome browser. We’ll continue to invest in our teams worldwide to deliver the safest personal browser experience to everyone, and we look forward to bringing more new features to strengthen the privacy and security of Chrome in 2020. 

All these features will be rolled out gradually over the next few weeks. Interested in how they work? You can learn more on Google Security blog.