Q: Is the Google Password Manager safe to use?
This question was answered on July 7, 2022. Much of the information contained herein may have changed since posting.
The entire Internet currently operates on a trust system that relies primarily on passwords, so keeping yours secure is an essential step in cyber security.
Some security experts can find a flaw in just about any password manager on the market and all of them are only as secure as you allow them to be.
If you become the victim of a clever malware attack, the hacker on the other end of the exploit can start recording every keystroke you type. This will render any password manager useless as they can see what it takes to ‘open the vault’ when you type the master password.
The Real Question
The security merits can be argued by the experts, but what I suggest you consider is, will using the Google Password Manager be safer than what you are doing now.
If you are one of the millions that uses the same 8-character password on multiple sensitive online accounts, then my answer is unequivocally YES.
Two critical steps for securing your accounts are to make your passwords longer (at least 15 characters) and creating a unique password for each account.
You can certainly be careless with unimportant accounts that don’t store any personal information or credit card numbers, but you need some form of password management for the important ones.
It’s really the only way to adhere to the principles of basic online cyber security trying to remember a long unique password for dozens of accounts is just not feasible.
Many of your accounts may be those that you rarely use, which leads to the inevitable password reset dance that can be completely avoided with a password manager as well.
Are You Already Using It?
A good number of people that use Google Chrome as their browser have likely been using the easy to use password manager without realizing it.
When your browser asks you if you want to save a password for a specific site, it’s essentially asking you if you want to use their password manager.
Browser-based password storage has had a shaky past as the security to protect those stored passwords wasn’t the greatest.
From a current real-world perspective, if you use Gmail or any of the other Google products that requires a username and password, you are already trusting Google with the goods.
A very convenient option in the Google Password Manager is the ability to sync your passwords across devices (https://bit.ly/3bGTL2F). This means your phone and computer can use the same password manger which is very convenient.
If your computer or smartphone has no password to keep a stranger from picking it up and using it, there’s nothing keeping them from fully accessing all your saved passwords either.
If you’re going to use the built-in password manager in Chrome, there are only two things protecting you from a third party – your device password and 2-step verification.
If someone acquires your Google username and password, they can ‘sync’ the passwords as well, which is why the extra layer of protection 2-step verification offers is critical (https://bit.ly/3IeaSox).
You can learn much more about how to use the Google Password Manager at: https://bit.ly/3bJE6j5
About the author
Posted by Ken Colburn of Data Doctors on July 7, 2022