You may soon save Chrome passwords to your Google Account, even if Sync is disabled
Google is currently testing a new feature in its Chrome web browser that allows Chrome users to save passwords in Chrome to a Google Account; this will work even if Sync is not enabled in the browser.
Google Chrome supports saving passwords locally regardless of the user's sign-in state or sync state. The option is enabled by default and users may disable it, e.g. when they are using a password manager to save passwords.
Chrome users may sign in to the browser to link their account to it, but this won't enable Sync functionality. Sign-ins happen when a user opens a Google property to sign in using the Chrome browser.
Sync needs to be enabled independently of that so that synced data is synchronized between different Chrome installations.
The new option to save to a Google Account looks very similar to Sync at first glance, as it provides users with remote storage for saved passwords. One of the main differences is that access to the saved passwords may now be offered on additional devices and applications, independent of Chrome.
Google benefits from this as well, as Chrome users who don't use Sync might use the option to save passwords to their Google Account, giving Google more control over the data.
The experimental feature landed in Chrome 89 and needs to be enabled before it becomes available. Once enabled, and without Sync enabled, you may open Chrome's password management page by pointing the browser to this URL: chrome://settings/passwords
Check "Saved Passwords"; you should see "You can also show passwords from your Google Account here". Additionally, you may get the new "move to Google Account" option for saved passwords that are not stored there yet when you click on the three dots next to a saved password.
Google Chrome displays an option to sign in using passwords saved to the Google Account during sign-in when you select the username or password field.
If you use a password that is not stored in the Google Account, you get a prompt to move it to the Google Account to access it from everywhere you are signed in to the account, and if you sign up, you get the option to save the account credentials locally or in the Google Account.
How to enable the feature in Chrome Canary
Google added the feature to its Canary version of the Chrome browser. You need to do the following to enable it:
- Load chrome://flags in the browser's address bar.
- Search for "account data storage".
- Set the flag "Enable the account data storage for passwords" to Enabled.
- Set the flag "Enable IPH for the account data storage for passwords" to Enabled.
- Restart Google Chrome.
All that is left to make sure of is that Sync is not enabled.
The feature is experimental at this point in time, and it is possible that it will get removed before it lands in Stable. It looks, however, as if it could become the new default option for all Chrome users who are signed in to Chrome but have not turned on Sync. Account credentials are stored independently of the Chrome browser, and that would provide users with access to them in other apps and when using devices that Chrome is not available for.
Now You: What is your take on the new feature? (via Techdows)
Whoever uploads his or her passwords to Google I would consider to be a bit crazy, to put it mildly. You potentially give them access to all of your accounts!
But as always, some people will use it, because convenience > everything else. Makes me sick that people give away their freedom (which includes sovereignty over your data to the greatest extent possible) in exchange for a tiny weeny bit of convenience.
Anyway, I am not using Google Chrome, and other Chromium variants won’t have that feature.
I’m not uploading my passwords to Google. However, I’m already using my Gmail for my PayPal login, work and a few social networks, with a stupid complicated password and two-factor authentication, so Google can already use that if they want to… But they didn’t, imagine that. Why would a multi-trillion company across the ocean bother with me when they earn big money elsewhere? Also, if my religious/right neighbors knew that I’m not one of them I’d be in actual, physical trouble. So, who’s the lesser evil? What’s safer? Sure, be wary of Google, but as much as they spy on you they do try to protect you as well (unlike, ahem, Facebook, my ISP provider or anyone using SolarWinds) – remember Google+? Got hacked, they terminated all of it.
It’s not only about Google using or not using the passwords (they probably won’t use them unless you are being targeted by law enforcement or secret services, with whom Google does cooperate), it’s also about basic security concepts, such as not putting all your eggs in one basket, so to speak. If there is a single point of failure, e.g. a single account which contains everything, an account that can be hacked (could be as easy as phishing), then this is NOT good. If one wants to achieve a certain degree of convenience, which is understandable in my book, personally I’d rather recommend password managers like Bitwarden or LastPass. All IMHO, of course.
Sorry to hear about the situation with your neighbors, but one can’t do much about what other people think or do (unless getting away from them is an option, I guess), but when it comes to your online security, you are in charge and the one to make the decisions… IMHO a single point of failure – whether or not Google itself exploits it is secondary – is not a good idea.
You can encrypt your passwords with a passphrase, but I believe that limits functionality of this feature in turning it into an integrated password manager though
What an awesome bad idea. Giving Google and potentially anyone that breaks into your Google Account the keys of all your kingdoms. Do they ever read the phrase don’t put all your eggs in one basket? I do know if it is me or the whole world is getting dumber every day. At this pace, a few wise guys will run the show and steal other people's lives like they take candies from a toddler's hand.
In general they would usually already have the keys to the kingdom as 2FA tends to fall back to email for most authentication.
Better to just bet on Google being absolutely secure (I use a hardware key for all Google 2FA logins). Problem solved.
So yeah storing your passwords in your google account isn’t that bad an idea.
Do you not read the news?
The entire US government just got hacked.
You should NEVER store your passwords any place that is connected to the internet!
Are the passwords encrypted or does Google get to see the sites I visit AND the passwords associated with them if they are stored in my Google account?
Even if the passwords would be claimed to be encrypted on transmission and rest, Google will most likely have a backdoor (PRISM). While the passwords might be somewhat protected in case Google servers get hacked, they will not be protected from Google’s and co. prying eyes nor from someone hacking into your Google account.
Anything going through the internet should be at the very least zero-knowledge and encrypted on the client-side (and even then one has to know what one is doing).
Contrary to common belief, encryption is a system, not a “feature”, and that system is only as strong and reliable as its weakest link/component. True encryption is even dangerous for the uninitiated, as they are likely to get locked out of their data/end up with corrupt data before long.
This is why most services offering encryption today are mostly promoting a false sense of security as they are not truly zero-knowledge, which means someone, somewhere, has access to your data.
Voluntarily give Google any data? I think not.
Voluntarily give Google your passwords? You gotta be nuts.
Inb4 all the shills talking about “but muh Google already has their AD NETWORK, EMAIL etc.” Obviously, Google has done a lot to be pervasive, but it’s great to see there are only so many straws!
“Don’t be evil”…
Do any of you have any proof? You all accuse Google of using passwords to connect themselves to our accounts, but I want to see proof, not just your stupid theory.
And I tell that even if I hate Google and don’t use any of their services.
Think about what you are asking. Proof of that would be a scandal, and a tsunami of class actions.
You do not need proof here but common sense. For example, what does your bank tell you about your PINs and password? Do NOT share them. Only for your personal use.
Remember: a secret is a secret if three people know it and two are dead.