Is the Google Chrome Password Manager secure? There’s no denying the convenience of using Google Chrome to remember and autofill your passwords, but there are a few good reasons to consider avoiding these native browser services. Here’s what you need to know.
There are people who have heard of password managers but never bothered to download them – maybe because they don’t trust them. Maybe because most of them are paid.
The Google Chrome Password Manager gives you a basic password manager for free and without any installation. So why should you bother with other fancy password managers that demand your money?
There are a number of browsers with inbuilt password managers and honestly, they’re just okayish. While they cannot replace full-fledged password manager apps, they’re better than nothing.
Browser-based password managers are better than having nothing.
When you use Chrome and enter a password for the first time on a new website, you’ll get a prompt asking you if you want to save that password. That’s Chrome’s password manager right there. You can select Save if you want to save that password or click on Not Now if you don’t want to save it.
It’s convenient, I’ll give it that. Built-in password managers don’t need separate installation and they’ll store the passwords automatically. But is Google Chrome password manager secure?
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you decide to use some of the services listed. I don’t recommend anything I don’t personally use, however, and the same holds true here.
Vulnerabilities of Browser-Based Password Managers
Browsers weren’t built to be password managers, and Google Chrome is no different than Firefox, Safari, Edge and others. It’s an add-on feature and because of that, there are a number of vulnerabilities you need to consider and watch out for.
#1. Google Chrome Doesn’t Help Generate Passwords
One feature of most respectable password manager apps is the option to have them generate extremely complex passwords. The Google Chrome Password Manger doesn’t do this.
What this means is that you’ll be more likely to just keep using the same password over and over again and all Chrome does is keep you from having to type it in every time.
Solution: The solution here is to use a free, third-part password generator. You should have a different password for each account, so this will work. It takes time, however.
#2. Using Google Chrome Puts All Your Security Eggs in One Basket
Google is a for-profit company, let’s not forget that. Now obviously they’re going to do everything they can to inspire confidence in their users, and personally I still use Google Chrome.
But at the end of the day, Google is beholden to its shareholders and they are in the business of using your data to sell ads. While it’s highly unlikely that Google will use this data, it’s just better to avoid putting all your sensitive data in one place.
Solution: Switch to using a password manager such as Dashlane to keep your passwords separate from your Google Chrome or other browser.
#3. Google Chrome Password Manager isn’t Entirely Secure
Default password managers are weak and can easily be hacked. Any hacker with the basic skills and resources can hack a browser password manager. But that’s not the worst part. The problem is that anyone without even the basic hacking skills can hack these passwords.
Consider this scenario. A colleague asks for your laptop for a couple of hours because they have to complete an important presentation and their laptop died right in the middle of it.
You give them your laptop and your Windows password. You don’t have any personal photos on it so there’s nothing to worry, right?
Your friend can now easily open all the passwords that have been saved by the default Chrome password manager just by entering your Windows password.
Your accounts would be hacked without you even knowing about it.
Firefox and Google Chrome password managers are weak. This is why it’s important to have a password manager to help you keep your passwords in order.
Solution: Try not to give out your login password for your computer unless you absolutely have to.
How to Be Safe with Google Chrome Password Manager
If you absolutely, 100%, and under any circumstances, do NOT want to install a password manager, I get it. I was the same way for quite a while.
If that’s you, here are a few steps you can take to make sure you remain safe using the Google Chrome Password Manager.
- Guard Your System Password: Make sure you guard your operating system password. Your Chrome opens its vault to anyone who has the password to your operating system so make sure you don’t give it to just anyone.
- Lock Your Computer When You Leave It. It’s pretty easy. Just keep the Windows key pressed and hit the L key. Or put your Mac to sleep and make sure your settings require a password to return from sleep. Your computer will be locked and your passwords and other files will be safe.
- Use Unique Passwords for Each Account: A password manager is just a tool; you still need to be smart in how you use it. Passwords like “abc” or “123” are a big mistake and so is keeping the same password for all accounts. Your system password can be used to unlock all your other passwords so of all your passwords, you should make sure that this password is secure.
- Encrypt Your Hard Drive: This is an advanced tip, but a good one to consider. You can encrypt your hard drive so that even if someone has access to your computer doesn’t get to see your passwords.
The more keys you store in your Chrome lockbox (i.e. banking, investment, email, social, etc.), the most cautious you should be. If you open the Chrome password vault, you’ll be surprised to see how many passwords you’ve saved there.
Are Password Managers worth the Money they Charge?
Password managers save your passwords just like Chrome does. And they auto-fill the forms whenever you’re asked for a password – just like Chrome.
As we’ve discussed, though, there are risks to using the Google Chrome Password Manager. Does that make 3rd party password managers worth the money?
Password Mangers like Dashlane help you create complex passwords. They encrypt your passwords and store them. So even if someone has access to your computer and your operating system password, they will not be able to steal all your passwords.
There may be times when you must give your system login password to others. For example, if you’re having some problem with your computer, the tech guy will ask for your computer password. And with that password, they can access your Google Chrome passwords.
However, if you have a password manager like Dashlane installed, they won’t be able to open it with the system password.
Advantages of Other Password Managers
Google Chrome password manager just stores your passwords. That’s it. What are the other advantages of using a third-party password manager? Here are a few to consider:
- Identifying Weak Passwords: Good password managers will tell you which of your passwords are weak and need to be changed. They even make the process of changing them easy.
- Dark Web Monitoring: Good password managers will also keep an eye on the internet to make sure your information isn’t floating out there. If so, they’ll tell you what to do and what passwords you need to change.
- Multi-Factor Authentication: You can make your passwords even more secure by enabling 2-factor authentication. This extra layer of security requires you to use second means of verification, such as a text message or a physical security key to make sure nobody but you can see the passwords.
- Secure Document Storage: Use this same security to store a digital backup of your most sensitive files. This is helpful if you need to securely share files or if you want a backup in case your personal computer crashes.
How Much do Paid Password Managers Cost?
Most password managers such as Dashlane, 1Password, and LastPass cost about $2-$4 per month and they can be paid annually. That’s really not much.
For just a couple of dollars each month, you get premium password security and the peace of mind knowing that your passwords are safe, even if you forget them.
Better yet, most of these password managers offer a free version (often restricted by the number of devices) so you can start giving it a try before buying it.
Final Thoughts | Google Chrome Password Manager
The thing with password managers is that you need to break your bad password habits to use them. And habits are the main reason people don’t try anything new.
Once you start using a password manager, you’ll get used to it as most password managers are really simple to use.
Sure, using the Chrome password manager is better than using nothing because it DOES remember your passwords after all. But there are some serious vulnerabilities that are simple to avoid. Can you settle for that?
I use the password manager in chrome and it most certainly recommends complex passwords.
This is true, but you have no control over those passwords. Most other password generators will allow you to choose what kind of characters, how many, etc. It’s a minor detail, but in many cases it can make a big difference.
If you have passwords in google password management; when I change from Google chrome to Dash lane. Will my passwords be forward to Dash lane AUTOMATIc?
It’s fairly easy to export your passwords from Google Chrome and upload them into Dashlane. Not automatic, but it will take you less than 5 minutes to export your data from Chrome and upload it to Dashlane to use.