Is the Google Chrome Password Manager secure? There’s no denying the convenience of using Google Chrome to remember and autofill your passwords, but there are a few good reasons to consider avoiding this native browser services. Here’s what you need to know.
There are people who have heard of password managers but never bothered to download them – maybe because they don’t trust them.
Perhaps they just didn’t want to pay?
The Google Chrome Password Manager gives you a basic password manager for free and without any installation. So why should you bother with other fancy password managers that demand your money?
There are a number of browsers with inbuilt password managers and honestly, they’re just okay-ish. While they cannot replace full-fledged password manager apps, they’re better than nothing.
Browser-based password managers are better than having nothing.
When you use Chrome or any of the good Chrome alternative browsers and enter a password for the first time on a new website, you’ll get a prompt asking you if you want to save that password.
But is Google Chrome password manager secure?
The short answer is “kind of”…but I recommend not using it. I’m going to explain why.
The browser-based manager is convenient, I’ll give it that. Built-in password managers don’t need separate installation and they’ll store the passwords automatically. But let’s consider the vulnerabilities.
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you decide to use some of the services listed.
Vulnerabilities of Browser-Based Password Managers
Browsers weren’t built to be password managers.
Google Chrome is no different than Firefox, Safari, Edge and others. The password manager is an extra feature that is meant more for convenience. It’s not even an integrated solution like what you’ll find with Samsung Pass on Galaxy devices.
So is Chrome password manager secure?
Here are the issues and vulnerabilities you need to be aware of.
Google Chrome’s Terrible Password Generator
One feature every respectable password manager app offers is the option to generate extremely complex passwords.
While it is possible to generate a password in Google Chrome, it’s not an intuitive feature and the passwords themselves aren’t very strong.
For example, in order to create a new Twitter account using Chrome, I first have to right click the password box to find an option for Chrome to suggest a password.
There are a couple problems with the way Google Chrome suggests passwords:
- This suggest password feature only shows up when you turn password sync on;
- There is no way to find the feature elsewhere in the browser if you wanted, for example, to create a strong password for anything outside of Chrome
The biggest problem, however, is that the passwords Google generates are surprisingly simple and you’re given no option to alter it.
According to the All Things Secured password checker, the password you see above is strong. However, you don’t have the ability to…
…tell Google to create a longer password;
…tell Google to use symbols in the password;
…copy that password instead of having Google input and save it.
Compare that with a free, third-part password generator. You are given the ability to determine length, which kind of characters are used, and to copy the password.
Notice that the above free tool gives you the ability to change the length of the password, what kind of characters are used, and copy the final password.
Chrome Limits You To Browser-Only Usage
Using Google Chrome as your primary password manager not only locks you into the Google ecosystem, it also limits you to browser-only usage.
What exactly do I mean by “browser-only”? Consider this:
- What if you want to create and store a login for an app you use on your phone?
- How about logging into Netflix on my Smart TV or media streaming device?
- What if I don’t use Chrome on every single device I own?
- What if I want to share a password with somebody else in my family?
When you use Google Chrome’s password manager, it can only be used with Google Chrome.
That’s not to mention any concerns about “big brother” here. Remember, Google is not a security company, they’re a for-profit company whose product is your data.
At the end of the day, Google is beholden to its shareholders and they are in the business of using your data to sell ads. While it’s highly unlikely that Google will use your password data, it’s just better to avoid putting all your sensitive data in one place.
Solution: Switch to using a password manager such as 1Password (the one I use and recommend) to keep your passwords separate from your Google Chrome or other browser.
Google Chrome Password Manager isn’t Well-Secured
With most browser-based password managers, including Google Chrome, your password security is directly tied to your device security.
In other words, anybody who is able to get access to your computer, tablet or phone will immediately get access to all of your passwords without having to supply an additional password.
This is HUGE problem.
Any good password manager app requires you to log in with a separate master password and locks your passwords after a specified period of time (usually an hour).
Without this automatic lock, all it takes is accidentally leaving your computer unattended for a short while. Anybody who logs on can easily jump onto your banking without having to enter an extra password.
OR…if they’ve already hacked your computer and they have your computer password, they automatically have access to all your Chrome passwords.
Using Google Chrome’s password manager is convenient for you, sure…
…but it’s also convenient for anybody else who want to access your data.
For this reason, Firefox and Google Chrome password managers are weak. This is why it’s important to have a password manager to help you keep your passwords in order.
How to Be Safe with Google Chrome Password Manager
If you absolutely, 100%, and under any circumstances, do NOT want to install a password manager, I get it.
I was the same way for quite a while and my goal here isn’t to make you spend money on a password manager app.
In this case, there are a few steps you can take to make sure you remain safe using the Google Chrome Password Manager.
- Guard Your System Password: Make sure you guard your operating system password. Your Chrome browser opens its vault to anyone who has the password to your operating system so make sure you don’t give it to just anyone.
- Lock Your Computer When You Leave It. It’s pretty easy. Just keep the Windows key pressed and hit the L key. Or put your Mac to sleep and make sure your settings require a password to return from sleep. Your computer will be locked and your passwords and other files will be safe.
- Use Unique Passwords for Each Account: A password manager is just a tool; you still need to be smart in how you use it. Passwords like “abc” or “123” are a big mistake and so is keeping the same password for all accounts. Your system password can be used to unlock all your other passwords so of all your passwords, you should make sure that this password is secure.
- Encrypt Your Hard Drive: This is an advanced tip, but a good one to consider. You can encrypt your hard drive so that even if someone has access to your computer doesn’t get to see your passwords.
The more keys you store in your Chrome lockbox (i.e. banking, investment, email, social, etc.), the more cautious you should be.
Sometimes it’s not just a question of “Is Chrome password manager secure.”
You might be surprised to find how many passwords Chrome has already stored in its vault that you don’t remember putting there.
Are Premium Password Managers Worth Paying For?
Password manager apps save your passwords just like Chrome does. And they auto-fill the forms whenever you’re asked for a password – just like Chrome.
As we’ve discussed, though, there are risks to using the Google Chrome password manager.
Does that make 3rd party password managers worth the money?
It’s really up to you.
Personally, I prefer using password managers because they give me the ability to:
- Generate custom passwords that are extremely strong;
- Hide those passwords behind a master password that is separate from your system password;
- Store those passwords in a software-agnostic vault (i.e. it can be used to recall passwords in any software or app, not just Chrome);
- Secure and encrypt not only passwords but also documents, photos and other files;
I don’t want to sound like an advertisement here, but it really is a no-brainer. Even though these links are affiliate links, 1Password offers a free 14-day trial period, so it doesn’t even matter.
You’ll end up creating better passwords, monitoring the strength of your passwords, and using those passwords to log into any and everything you might need on your computer, tablet or phone.
Passwords are Important
It’s worth giving them extra security.
Extra Advantages of Password Managers
Google Chrome password manager just stores your passwords.
A quality password manager app, on the other hand, provides features that go above and beyond what you’ll get with Google Chrome. As you’ll see, many of these features help to increase your security.
- Identifying Weak Passwords: Good password managers will tell you which of your passwords are weak and need to be changed. They even make the process of changing them easy.
- Dark Web Monitoring: Good password managers will also keep an eye on the internet to make sure your information isn’t floating out there. If so, they’ll tell you what to do and what passwords you need to change.
- Multi-Factor Authentication: You can make your passwords even more secure by enabling 2-factor authentication. This extra layer of security requires you to use second means of verification, such as a text message or a physical security key to make sure nobody but you can see the passwords.
- Secure Document Storage: Use this same security to store a digital backup of your most sensitive files. This is helpful if you need to securely share files or if you want a backup in case your personal computer crashes.
How Much do Paid Password Managers Cost?
Honestly, that’s really not that much.
For just a couple of dollars each month, you get premium password security and the peace of mind knowing that your passwords are safe, even if you forget them.
Better yet, most of these password managers offer a free version (often restricted by the number of devices) so you can start giving it a try before buying it.
Final Thoughts | Google Chrome Password Manager
The thing with password managers is that you need to break your bad password habits to use them. And habits are the main reason people don’t try anything new.
Once you start using a password manager, you’ll get used to it as most password managers are really simple to use.
Sure, using the Chrome password manager is better than using nothing because it DOES remember your passwords after all. But there are some serious vulnerabilities that are simple to avoid.
Can you settle for that?