Is the Google Chrome Password Manager secure? There’s no denying the convenience of using Google Chrome to remember and autofill your passwords, but there are a few good reasons to consider avoiding these native browser services. Here’s what you need to know.
There are people who have heard of password managers but never bothered to download them – maybe because they don’t trust them.
Perhaps they just didn’t want to pay?
The Google Chrome Password Manager gives you a basic password manager for free and without any installation. So why should you bother with other fancy password managers that demand your money?
There are a number of browsers with inbuilt password managers and honestly, they’re just okay-ish. While they cannot replace full-fledged password manager apps, they’re better than nothing.
Browser-based password managers are better than having nothing.
When you use Chrome and enter a password for the first time on a new website, you’ll get a prompt asking you if you want to save that password. That’s Chrome’s password manager right there.
You can select Save if you want to save that password or click on Not Now if you don’t want to save it.
It’s convenient, I’ll give it that. Built-in password managers don’t need separate installation and they’ll store the passwords automatically.
But is Google Chrome password manager secure?
Note: Some of the links in this article are affiliate links, which means that at no extra cost to you, I may be compensated if you decide to use some of the services listed. I don’t recommend anything I don’t personally use, however, and the same holds true here.
Vulnerabilities of Browser-Based Password Managers
Browsers weren’t built to be password managers.
Google Chrome is no different than Firefox, Safari, Edge and others. The password manager is an add-on feature that is meant more for convenience.
Is Chrome password manager secure? Here are the vulnerabilities to look out for.
#1. Google Chrome isn’t a Good Password Generator
One feature of most respectable password manager apps is the option to have them generate extremely complex passwords. While it is possible to generate a password in Google Chrome (it’s not an intuitive feature), they aren’t good.
For example, if I were to try to create a new Twitter account using Chrome, I could right click on the password box to find an option for Chrome to suggest a password.
There are a couple problems here. First, this option doesn’t always show up when you right click on a password box, and there is no way to find the feature elsewhere in the Chrome browser.
Second, and most importantly, the password that Google generates is surprisingly simple and you’re given no option to alter it.
According to the All Things Secured password checker, the password you see above is strong. However, you don’t have the ability to…
…tell Google to create a longer password;
…tell Google to use symbols in the password;
…copy that password instead of having Google input and save it.
Compare that with a free, third-part password generator. You are given the ability to determine length, which kind of characters are used, and to copy the password.
#2. Using Google Chrome Puts All Your Eggs in One Basket
Using Google Chrome as your password manager locks you in to only using Google Chrome.
- What if you use Safari or another browser on your phone?
- What if you decide that you no longer want Google watching what you do on Chrome (yes, they track your usage to “optimize the web experience”) and you want to move to another, more secure browser?
- What if you need to use another computer and you need access to your passwords?
When you use Google Chrome’s password manager, it can only be used with Google Chrome.
And let’s not forget…Google is a for-profit company.
At the end of the day, Google is beholden to its shareholders and they are in the business of using your data to sell ads. While it’s highly unlikely that Google will use this data, it’s just better to avoid putting all your sensitive data in one place.
Solution: Switch to using a password manager such as Dashlane to keep your passwords separate from your Google Chrome or other browser.
#3. Google Chrome Password Manager isn’t Well-Secured
Default password managers are weak and extremely vulnerable since they’re designed to be convenient, not secure.
Any hacker with basic skills and resources can hack a browser password manager.
But that’s not the worst part.
The problem is you don’t even need hacking skills at all to hack these passwords.
Consider this scenario. A colleague asks for your laptop for a couple of hours because they have to complete an important presentation and their laptop died right in the middle of it.
You give them your laptop and your Windows password. You don’t have any personal photos on it so there’s nothing to worry, right?
Your friend can now easily open all the passwords that have been saved by the default Chrome password manager just by entering your Windows password.
Your accounts would be hacked without you even knowing about it.
Firefox and Google Chrome password managers are weak. This is why it’s important to have a password manager to help you keep your passwords in order.
How to Be Safe with Google Chrome Password Manager
If you absolutely, 100%, and under any circumstances, do NOT want to install a password manager, I get it. I was the same way for quite a while.
If that’s you, here are a few steps you can take to make sure you remain safe using the Google Chrome Password Manager.
- Guard Your System Password: Make sure you guard your operating system password. Your Chrome browser opens its vault to anyone who has the password to your operating system so make sure you don’t give it to just anyone.
- Lock Your Computer When You Leave It. It’s pretty easy. Just keep the Windows key pressed and hit the L key. Or put your Mac to sleep and make sure your settings require a password to return from sleep. Your computer will be locked and your passwords and other files will be safe.
- Use Unique Passwords for Each Account: A password manager is just a tool; you still need to be smart in how you use it. Passwords like “abc” or “123” are a big mistake and so is keeping the same password for all accounts. Your system password can be used to unlock all your other passwords so of all your passwords, you should make sure that this password is secure.
- Encrypt Your Hard Drive: This is an advanced tip, but a good one to consider. You can encrypt your hard drive so that even if someone has access to your computer doesn’t get to see your passwords.
The more keys you store in your Chrome lockbox (i.e. banking, investment, email, social, etc.), the most cautious you should be.
Sometimes it’s not just a question of is Chrome password manager secure. You might be surprised to find how many passwords Chrome has already stored in its vault that you don’t remember putting there.
Are Password Managers worth the Money they Charge?
Password managers save your passwords just like Chrome does. And they auto-fill the forms whenever you’re asked for a password – just like Chrome.
As we’ve discussed, though, there are risks to using the Google Chrome Password Manager.
Does that make 3rd party password managers worth the money?
It’s really up to you.
Personally, I prefer using password managers because they give me the ability to:
- Generate custom passwords that are extremely strong;
- Hide those passwords behind a master password that is separate from your system password;
- Store those passwords in a software-agnostic vault (i.e. it can be used to recall passwords in any software or app, not just Chrome);
- Secure and encrypt not only passwords but also documents, photos and other files;
I don’t want to sound like an advertisement here, but it really is a no-brainer. Even though these links are affiliate links, Dashlane offers a free version of their software, so it doesn’t even matter.
You’ll end up creating better passwords, monitoring the strength of your passwords, and using those passwords to log into any and everything you might need on your computer, tablet or phone.
Passwords are Important
It’s worth giving them extra security.
Extra Advantages of Password Managers
Google Chrome password manager just stores your passwords. That’s it.
A quality password manager app, on the other hand, provides features that go above and beyond what you’ll get with Google Chrome. As you’ll see, many of these features help to increase your security.
- Identifying Weak Passwords: Good password managers will tell you which of your passwords are weak and need to be changed. They even make the process of changing them easy.
- Dark Web Monitoring: Good password managers will also keep an eye on the internet to make sure your information isn’t floating out there. If so, they’ll tell you what to do and what passwords you need to change.
- Multi-Factor Authentication: You can make your passwords even more secure by enabling 2-factor authentication. This extra layer of security requires you to use second means of verification, such as a text message or a physical security key to make sure nobody but you can see the passwords.
- Secure Document Storage: Use this same security to store a digital backup of your most sensitive files. This is helpful if you need to securely share files or if you want a backup in case your personal computer crashes.
How Much do Paid Password Managers Cost?
Honestly, that’s really not that much.
For just a couple of dollars each month, you get premium password security and the peace of mind knowing that your passwords are safe, even if you forget them.
Better yet, most of these password managers offer a free version (often restricted by the number of devices) so you can start giving it a try before buying it.
Final Thoughts | Google Chrome Password Manager
The thing with password managers is that you need to break your bad password habits to use them. And habits are the main reason people don’t try anything new.
Once you start using a password manager, you’ll get used to it as most password managers are really simple to use.
Sure, using the Chrome password manager is better than using nothing because it DOES remember your passwords after all. But there are some serious vulnerabilities that are simple to avoid.
Can you settle for that?