Skip to main content

Reading is great. Tracking makes it stick. Sign up for a free Dashboard to tick off tasks and see your Security Score.

Get my free Dashboard →
CE: User Access Control

Managing passwords on Android

Using weak or reused passwords is one of the most common causes of account takeover. This guide explains how to manage passwords securely on Android, including how to use a password manager to make strong, unique passwords effortless.

Hand holding a smartphone displaying a login screen

Why unique passwords matter

If you reuse the same password across multiple sites, a breach on any one of them puts all your accounts at risk. Attackers buy lists of stolen username and password combinations and automatically try them on popular services: this is called credential stuffing. The solution is a unique password for every account.

  • A 2022 study found that 65% of people reuse passwords across multiple accounts
  • If one site is breached, attackers try those credentials on banking, email, and shopping sites automatically
  • You do not need to memorise unique passwords: that is what a password manager does

Using Google Password Manager

Android includes Google Password Manager, which is built into Chrome and most apps. It generates strong passwords, saves them, and fills them in automatically:

  • When creating an account, Chrome will offer to generate a strong password: accept it
  • Saved passwords sync across all your devices signed into the same Google account
  • To view and manage saved passwords: Settings > Google > Autofill > Google Password Manager
  • Run a Password Checkup regularly to see if any of your saved passwords have been exposed in a breach

Third-party password managers

If you use multiple browsers or devices beyond Android, a dedicated password manager may suit you better. Reputable options include Bitwarden (free, open source), 1Password, and Dashlane. These work across platforms and offer more advanced features:

  • Bitwarden is free, open-source, and audited: a good choice for most users
  • Set up the manager on Android via its app, then enable autofill: Settings > Passwords & accounts > Autofill service
  • Protect your password manager with a strong master password and 2FA: it is the key to everything else
  • Never store your master password in the password manager itself

Quick reference: strong password rules

When you must create a password manually:

  • Minimum 12 characters, longer is better
  • Mix upper and lowercase letters, numbers, and symbols
  • Use a random phrase of four or more words if you must remember it (e.g. correct-horse-battery-staple)
  • Never use your name, pet's name, birthday, or any word found in a dictionary
  • Never use the same password on two different accounts

Track your Android security progress. Free.

Create a free account to tick off tasks, see your Security Score improve, and know exactly what you've done and what's still to do.

Start your free security check
← Back to Android Security Hub