Change unsafe passwords in your Google Account

You can find out if passwords in your Google Account may have been exposed, are weak, or are used in multiple accounts. Then, you can change any unsafe passwords to keep your accounts more secure.

You can start Password Checkup. You can also access Password Checkup on Android, in Chrome, or through the web.

On Android:

  1. Open the Settings.
  2. Search for "Password Manager."
  3. Tap Password Manager and then Password Checkup.

In Chrome:

  1. At the top right, select Profile Profile and then Passwords Passwords.
    • If you can’t find the Passwords icon, at the top right, select More and then Passwords and autofill and then Google Password Manager.
  2. On the left, select Checkup.

On the web:

  1. Go to passwords.google.com.
  2. Select Go to Password Checkup and then Check passwords.
    • You may need to sign in.

Tip: To automatically update the passwords in your Google Account, you can either:

  • Turn on sync in Chrome.
  • Sign in to Chrome and allow Chrome to use passwords from your Google Account when asked.

Secure your passwords

After your passwords have been checked for security issues, you’ll see 3 types of results.

Learn about compromised passwords

Important: We’ll ask you to change your Google Account password if it might be unsafe, even if you don’t use Password Checkup. To secure a Google Account that has suspicious activity, or has been hacked, follow these steps

Compromised passwords and username combinations are unsafe because they’ve been published online. We recommend that you change any compromised passwords as soon as you can.

View data breaches we check

We check for password and username combinations exposed through a wide variety of data breaches, but the list of data breaches we check may be incomplete. Our list includes sources such as:

  • 000webhost
  • 17 Media
  • 1.4B collection
  • 7k7k
  • Adobe
  • Anti-public
  • Badoo
  • Bitly
  • Collection 1-5
  • Dropbox
  • Exploit.in
  • iMesh
  • Imgur
  • Last.fm
  • Lifeboat
  • LinkedIn
  • Mate1
  • Neopets
  • NetEase
  • Nexus Mods
  • Pemiblanc
  • R2Game
  • Rambler
  • Tianya
  • Tumblr
  • VK
  • VN
  • Yandex
  • Youku
  • Zoosk

Dismiss & restore warnings

You can dismiss a warning about a compromised password.

To dismiss a warning, next to the compromised password, click More More and then Dismiss warning. 

Under “Dismissed warnings,” you can find and restore the warning.

To restore a dismissed warning, next to the warning, click More More and then Restore warning.

Learn about reused passwords

If you use the same password for multiple accounts, you’re at greater risk of being hacked. We strongly recommend you use a unique password for every account.

Tip: Let Chrome create and save a strong password for your Google Account. Learn how to generate strong, unique passwords

Learn about weak passwords

Passwords with obvious phrases, simple keyboard patterns, and single words can be easily guessed. We recommend you use strong passwords.

Why we might ask you to change passwords

To help you secure your accounts, Google can help notify you if we find any of your saved passwords have been compromised.

If you’re notified about an unsafe password

  1. Go directly to Password Checkup to make sure the notification is authentic and change any unsafe passwords.
  2. Take a Security Checkup to help protect your Google Account.

Take a Security Checkup

Manage alerts for unsafe passwords

Google can notify you when we find any of your saved passwords online. You can turn these alerts on or off.

Google continues to check your passwords, even if alerts are turned off. If you turn this setting off, you might still receive alerts for up to 48 hours.

You can go to Google Password Manager settings or:

  1. Go to passwords.google.com.
  2. At the top right, select Settings Settings.
  3. Turn Password alerts on or off.

Manage password alerts

Search
Clear search
Close search
Google apps
Main menu
11640984438490293255
true
Search Help Center
true
true
true
true
true
70975
false
false