Why You Shouldn’t Use Google Chrome’s Password Manager
In this blog post, I will explain why you SHOULD NOT use the free Password Manager built into Google Chrome. Instead, please use either Bitwarden or 1Password. Simply put, Chrome's Password Manager prioritizes convenience over security.
This blog post was inspired by an article on Android Police.
Here are the top four reasons to ditch the password manager in Google Chrome.
It Locks You In
The Google Password Manager doesn’t have its own app. It is part of the Google Chrome browser. That makes sense on Android phones, but you will be forced to use Chrome on your computers just because your login info syncs between devices that way. Prefer another browser? Too bad.
Are Your Passwords Protected? Not Really.
The only thing standing between you and your passwords in Chrome on your phone is the PIN or login method you use to unlock your phone. If that includes biometrics like your fingerprint or facial recognition, you're in much better shape, but since that requires manual setup, some (many?) won't do that, leaving a low barrier to entry to access their account logins in Chrome.
If someone obtains your PIN over your shoulder, your passwords stored in Chrome are only as secure as your method of unlocking your screen.
Independent third-party password managers usually require you to set up a complex master password that is separate from the device or the Google account tied to your phone. However, that's not true of Google, since its Password Manager is tied to your Google account.
It Lacks Features
Third-party independent password managers let you customize the new passwords they generate to suit your needs or a website's requirements, with things like adjusting the number of characters, using symbols or special characters, and more. Google doesn’t offer that.
Chrome's Password Manager also lacks advanced features like storing sensitive documents, credit cards, and other info.
In fact, the Chrome Password Manager doesn't offer the ability to generate secure passwords at all. It simply asks if you want it to remember a password you just entered for auto-fill purposes, secure or not.
Data Encryption Isn’t Enabled By Default
Is it offered? Yes, but only on your phone. It's not turned on out of the gate, and most people don't think about it, so it might as well not exist.
The biggest selling point of the Google Password Manager is its ease of use. However, instead of providing users with proper security, Google leaves on-device encryption for login info disabled by default.
You must manually go into the settings within Chrome to enable on-device encryption. Most people aren’t aware of this option, so they won't do it, and that's a serious problem.
Alternatives
I use and strongly recommend 1Password. Here's a link to my FREE 1Password How To Guide. There is no trial, but it comes highly recommended and I pay the annual fee.
Bitwarden is free for personal use and a strong contender. My Mom uses it and loves it, and I find it is simpler for her to use. Here is my FREE Bitwarden How To Guide.
Whatever password manager you choose, please set up two-factor authentication (2FA) on all your Password Managers and online accounts. That will virtually eliminate cyberattacks on your accounts, which are only getting more common.
Thank you so much for reading this blog post! You can keep up to date with my latest posts right here on KevinTheTechGuy.ca, or via the RSS feed. You can also check out my FREE newsletter. For bonus content and other perks, please consider supporting me on Patreon or Buy Me a Coffee! Your support makes my work possible.