Google Password Manager is one of the most-used password keepers in the world and by far the most convenient for Google Account holders. It remains an important part of my work process, and its checkup tool has done a world of good to boost my password security. Warnings about breaches and repeated passwords helped plug critical loopholes.
But I’ve seen many people question its security and safety given the company’s reputation for collecting user data. While there are some perceived concerns, using the manager or not is a matter of personal preference, from what I have experienced.
I’ll explain the basics of Google Password Manager, its security offerings, legitimate concerns, and safety tips. I’ll also cover alternatives you can use if you’re not convinced that Google’s password keeper can save your passwords securely.
What Is Google Password Manager?
Google Password Manager is a free service that allows you to store, manage, and autofill your login details. You can also use it to generate complex passwords and share your login credentials with family. It works on Android, ChromeOS, and the Google Chrome web browser for any operating system.
How Does Google Password Manager Work?
As mentioned, it helps you store passwords so you don’t have to memorize numerous login credentials for uncountable platforms. But that’s not all it does. It’s particularly useful because you can sync your passwords across different devices if you’re integrated into the Google ecosystem.
The program works for independent apps on Android but only works in Google Chrome on Windows, macOS, iOS, iPADOS, and Linux. That’s why it’s commonly called Chrome Password Manager.
- Saving passwords and using the autofill function
When you sign in to a new website or app for the first time, the password manager offers to store those login details. After saving passwords in Chrome or Google Account, the manager offers to automatically fill them in whenever you visit those platforms.
- Passkey support
Google’s password keeper also supports storing passkeys, the new type of login security considered safer than passwords. Using a passkey involves authenticating a sign-in without having to enter traditional login details (usernames and passwords) or use 2-step authentication.
People are required to open devices where passkeys are stored by entering their PIN or patterns or using a biometric sensor like facial recognition or a fingerprint.
- Using the password generator
The Google password generator offers to create and save very complex passwords whenever you’re setting up a new account that requires a password. You’ll see a preview of the suggested password pop up before accepting. While it’s more basic than other password managers, the generator allows you to save notes to each generated password.
- Import and export passwords
Password managers generally allow users to import and export passwords. Whenever you decide to move on from Google’s password keeper, you can export your passwords by creating a CSV file. You can also import passwords from different password managers to Google’s by importing the CSV file to your web browser or Android device.
- Edit and delete
If you change a password for any website or app, the tool asks you to update it. You can also return to the password manager later to edit credentials, add notes, and delete saved passwords. The process involves going to the password manager in your Android phone or browser and opening a credential.
Is Google Password Manager Safe?
Users across the world began to ask, “Is Google Password Manager safe?” after an incident prevented them from accessing Google Chrome saved passwords for about 18 hours. According to Google’s report about the issue, passwords were not visible during the window due to a bug in Chrome’s M127 version.
Still, many cybersecurity researchers have criticized Google for its opacity regarding its security protocols. This bad rep makes it look like when using Chrome, saved passwords are less secure than others.
However, Google Password Manager is generally considered safe to use, barring specific concerns. I’ll cover its security framework and features to explain why that is.
![IMG]()
Security Framework
While Google’s encryption framework is unclear, it wouldn’t be a guess to say it uses 256-bit AES, the same protocol for its cloud storage.
On its own, 256-bit AES is quite capable at encrypting passwords. However, experts believe the manager should offer more robust features provided by LastPass and 1Password.
That said, Google has numerous layers of security protocols and participates in various programs to protect users against cyber security threats.
![IMG]()
Security Compliance
Google goes through numerous independent third-party attestations and certifications, which are techspeak for audits. These include SOC 2 and 3 audits from independent third-party security outfits.
Having SOC 2 and 3 accreditation means Google security cloud-based services have pretty formidable foundations.
The company also claims it participates in various security frameworks set up by governments and sectors to ensure compliance and best practices. Examples are the U.S.’ FedRAMP (Federal Risk and Authorization Management Program) and Germany’s Cloud Computing Compliance Criteria Catalog.
![IMG]()
Password Checkup
Password Checkup allows you to validate the security level and integrity of saved passwords in Chrome and your Google Account. This process includes checking if a password is weak, has been repeated, has been part of a data breach, or may soon be compromised.
Accessing the feature involves opening the password manager and selecting Password Checkup. For example, people using Google Chrome can click the three dots in the top left corner, select Passwords and autofill > Google Password Manager, and click Checkup in the left pane.
On your mobile phone, open Chrome, click the three dots beside the address bar, select Settings > Google Password Manager, and then click Checkup.
You can quickly change your passwords if Google finds any problems.
![IMG]()
On-device encryption
Google declares that it encrypts your stored passwords so no one at Google or anywhere else can see them. However, the company manages your encryption key by default.
On-device encryption is a process that allows you to control your encryption key. Setting it up involves locking your stored passkeys and passwords with your device’s lock screen mechanism or your Google password.
For example, you can configure it such that you lock your password manager with Windows Hello or your phone’s fingerprint, face recognition, PIN, or pattern.
You must unlock the device or provide your Google password whenever you want to access the passwords and passkeys. The risk here is that losing the encryption device or your Google Account password means you may lose your passwords forever.
Follow these steps to configure on-device encryption:
- On Google Chrome for desktop, click your profile icon and select the password icon (a key).
- Click Settings when Google Password Manager opens.
- Click Set up on-device encryption and follow the prompts.
On your phone, open Google Chrome, select the three dots in the top-right corner, and go to Settings > Google Password Manager. You should see a banner advising you to set up on-device encryption. Click the Set up button. You can also select Settings and click the option.
Related read: What Is Google Smart Lock? Features and Settings
![IMG]()
Two-factor authentication
Two-factor authentication is one of the most formidable security standards that keep people safe from hackers. Google has great options. You can send push notifications to your phone, use SMS verification, use the Google Authenticator app, download backup codes, or use Windows Hello to open the password manager.
However, many people would like better Yubikey support with the password manager, not just Google Accounts in general.
Get BoostSpeed now to safeguard your digital life and enhance your browsing experience!
Potential Concerns with Chrome Password Manager and How to Fix Them
As mentioned, Google Password Manager has all the underlying technologies and infrastructure to be safe and secure. However, it can be vulnerable due to human oversight.
For starters, people who have access to your device may be able to look at your password. If your computer does not have a password or PIN, users can easily open your password manager through Chrome and see all your passwords. Individuals who know your password, pattern, or PIN can also open Chrome to view saved passwords.
Additionally, autofill can be a problem. Even if your computer is locked, a person with temporary access may try to log in to some of your accounts, and Google will hand them the keys if they opt to autofill.
Tips for using Google Password Manager safely:
- Activate on-device encryption.
- Use the password checkup feature regularly.
- Use passkeys.
- Turn on the Windows Hello option.
- Update your passwords regularly.
- Use two-factor authentication.
- Avoid common security mistakes like saving your passwords on other people’s computers, sharing passwords without changing them later, and using weak or repeated passwords.
- Always delete CSV files after exporting your passwords.
- Restrict access to your device’s PIN, passwords, and patterns
How to turn off Google Chrome Password Manager
Turning off the password manager is pretty easy if you no longer want to use it:
- Click the three dots in Chrome’s top-right corner and select Passwords and autofill > Google Password Manager.
- Click Settings in the left pane and turn off the switch beside Offer to save passwords and passkeys.
You can follow the same process through Chrome on your mobile device as long as you’re logged in to your Google Account. Click the menu button, select Settings, go to Google Password Manager > Settings, and turn off the switch next to Offer to save passwords.
Comparing Google Password Keeper with Other Options
If you’re still uncomfortable with Google Password Manager, there are very competent alternatives to consider. Some might even call them better options.
You can seamlessly export your Google Chrome passwords to these applications, as they all support imports from web browsers.
LastPass
LastPass has been around since 2008 and grew a strong reputation as one of the trusted password managers in the industry. But that reputation took a major hit in 2022 after a series of high-profile breaches that saw customer data stolen.
The company has since embarked on a rebranding mission to salvage some of its legacy reputation. If you’re considering the product, you may find comfort in its high-grade security protocols and features.
It allows you to store and share unlimited passwords, offers multiple account recovery methods (SMS, OTP, and master password hint), and syncs with Microsoft and Google’s authenticators. Its MFA also allows you to use Sesame, YubiKey, and biometric authentication.
- Top-tier security protocol
- Supports passkeys
- The free version offers great features
- Multi-platform support
- Chrome extension
- Free users are limited to 1 device per account
- Only the business plan supports advanced MFA and SSO
- May become too expensive with more features
1Password
1Password provides too many features that can sway anyone shopping for a new password manager. While it was part of an Okta breach in 2023, the company claimed no user data was compromised.
It uses the formidable 256-bit AES encryption and employs a zero-knowledge policy. You can also create separate multiple vaults within your 1Password account. That means you can choose the passwords you use on specific devices to limit exposure.
1Password also scans the dark web to notify you when your passwords are part of a data breach, can help disguise your email address, and syncs with various physical and digital authenticators. Further, it stores passkeys and allows you to authenticate using biometric sensors.
- Easy-to-use
- Numerous security features
- Top-rated security framework
- No free tier
- May not be as seamless as using a browser-based password manager
- Using multiple vaults may be confusing
Nordpass
Nordpass is another popular alternative for Chrome Password Manager. It offers autofill, MFA options, password sharing, and a top-grade security framework. It also works cross-platform with classy and easy-to-use applications for different operating systems.
- Data breach reports are quite detailed
- Top-tier security protocol
- Offers emergency access options
- The free tier is too limited
Are standalone password managers better?
It depends on the features you like and what you want to protect. For many users, Chrome Password Manager has too many points of failure and would feel more secure using reputable alternatives.
But the Google’s password keeper can also come in handy since it is free and tied to your Google Account. You can use it to store certain passwords and reserve the most sensitive credentials for more secure managers.
For example, when using Google Chrome, saved passwords can help you login faster on websites you use more regularly.
Is Google Password Manager Safe? Resolved
Google Password Manager is generally safe since it uses the same encryption standard as other managers. I’ve never had an issue with it, as I do my best to keep my Google Account secure.
In the end, your passwords enjoy the same level of protection you afford your Google Account. So, set up MFA and passkeys for your Google Account, restrict access to devices with your profile, and run the Password Checkup feature from time to time.
For added safety, you can reserve passwords for sensitive and less-used accounts for a different reputable password manager.
Let us know how you organize your Google Chrome passwords and whether you use a different password manager.
