Should You Use the Chrome Password Manager?

Year after year, our passwords are proven to be terrible. What’s memorable is trivially easy to crack, and most of us recycle the same handful of passwords across multiple websites. If one of them is hacked, they’re all vulnerable.

(To find out how vulnerable your favorite passwords are, check out this tool.)

Security researchers from Google and Carnegie Mellon are clear about the problem:

“Given the complexity required by modern password advice, combined with the number of accounts that a frequent Internet user possesses, password management places unrealistic demands on human memory.”

Enter password managers. By automatically handling all your passwords for you, they free you up to choose better passwords and keep them all in one secure place.

Google Chrome comes with a password manager built in. You may even already be using it. But let’s get under the hood and see how to get the best out of it.

How Chrome Password Manager works

Google Password Manager lives natively inside Chrome, so you don’t need to add it to your list of must-have Chrome extensions. Google updates Password Manager as part of Chrome updates, including the Chrome 75 release. (In Chrome 75, you need to enter your Google Account password to use the password manager.)

Chrome manages your passwords, storing them for you and automatically entering them when you visit websites so all you have to do is click Sign In. It can also generate passwords for you.

How does it work on different devices?

Using Chrome Password Manager on desktop

When you enter a password on a site, Chrome will ask you in a popup if you want to save it. If you agree, it will be added to your saved passwords list in Password Manager. If there are several passwords on the page, you can scroll through them in the Password Manager popup to select the one you want to save. There’s the option to edit your username in the popup too.

If you want to save a password for the site, but you don’t want to save the one you’ve entered on the site, you can enter a new one in the Password Manager popup.

To have Chrome create a password for you, click on Suggest Strong Password next to the password text box. If you don’t see it as an option, right-click or CMD+click the password text box to bring up the option to generate a password or to see all your saved passwords.

A few additional functions you might need:

Sign in with a saved password

If you’ve previously saved a password for the site you’re visiting, Chrome will fill in the sign-in form automatically.

If you have more than one username or password for the same site saved in Password Manager, select the Username text box and choose the set of login information you want to sign in with.

See, delete, or export your saved passwords

Click your profile picture, then select Passwords from the dropdown.

  • To see your passwords, look to the right of each website you’ve saved a password for. There’s an eye symbol: click that and you can see the password saved for that website. (Sometimes you might be asked for your computer’s password before you can see your saved passwords in Chrome.)
  • To remove a password in Chrome, click More next to the website you want to remove the password for, then click Remove.
  • To export your saved passwords to another password manager, find the three dots on the right of the screen opposite Saved passwords, at the head of the list of saved passwords. Click those and select Export passwords. They’ll be exported as a .CSV file, and you’ll need your computer password to complete the export process.
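An added example, not part of the original article: the exported .CSV holds every password in plaintext, so it can be checked offline for the recycled passwords described at the top of this article. The sketch assumes the export's columns are name, url, username and password; the sample rows and the 12-character threshold are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample in the assumed column layout of a Chrome export
# (name,url,username,password); every entry here is made up.
SAMPLE_EXPORT = """name,url,username,password
example.com,https://example.com/login,alice,Summer2019!
shop.example.net,https://shop.example.net/signin,alice@example.com,Summer2019!
bank.example.org,https://bank.example.org/,alice,x7#Lq9vTz2!mPw4R
forum.example.io,http://forum.example.io/login,al1ce,kitten
"""

MIN_LENGTH = 12  # assumed policy threshold, adjust to your own


def audit_export(csv_file):
    """Return (reused, short) findings without ever returning a password."""
    sites_by_digest = defaultdict(set)
    short = []
    for row in csv.DictReader(csv_file):
        password = row.get("password") or ""
        if not password:
            continue
        host = urlsplit(row.get("url") or "").hostname or row.get("name") or ""
        # Group by digest so the report never carries the plaintext.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        sites_by_digest[digest].add(host)
        if len(password) < MIN_LENGTH:
            short.append((host, row.get("username") or ""))
    reused = sorted(sorted(h) for h in sites_by_digest.values() if len(h) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit_export(io.StringIO(SAMPLE_EXPORT))
    for hosts in reused:
        print("same password on:", ", ".join(hosts))
    for host, user in short:
        print(f"shorter than {MIN_LENGTH} characters: {user} at {host}")
```

Because the export is unencrypted, delete the file once the audit or the import into another password manager is done.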

Turn Password Manager on or off

Open your profile in Chrome and select Passwords, then toggle Offer to save passwords on or off.

Using Chrome Password Manager on Android

Enter a new password when you visit a website, and Chrome for Android will ask if you want to save it. Simply tap Save to save the password.

Sign in with a saved password

Open Chrome and visit a site you’ve saved a password for, and Chrome will fill in the login form automatically. If you’ve saved more than one password or username, tap the Username text box and choose from your saved credentials. If you don’t automatically get offered login credentials from Password Manager, tap the key symbol to see your options.

See, delete, or export your saved passwords

Open Chrome and tap More on the right of the address bar. Select Settings > Passwords.

  • To see your saved passwords, tap View and manage saved passwords at passwords.google.com to see a list of the websites you’ve saved passwords for.
  • To delete saved passwords, tap the password you want to remove and tap Delete at the top of the screen.
  • To export your saved passwords, tap More and then select Export Passwords.

Turn Password Manager on or off

In Chrome, tap the three dots to get the menu up and select More > Settings > Passwords. There you can toggle Save Passwords on or off.

Using Chrome Password Manager on iOS

On iOS, if you’re visiting a site for the first time, Chrome will ask you if you want to save a password for that site. To accept, tap Save.

Go to a site you’ve visited before, and Chrome will autofill your login details if you’ve saved them. If you have saved more than one set of login details, tap the Username text box to see your options. If Chrome doesn’t suggest a password for you, tap the key symbol to choose one from Password Manager.

See, delete, or export your saved passwords

Open Chrome and tap More > Settings > Passwords.

  • To see a saved password, tap the saved password in the list and select Show.
  • To delete a password, tap Edit at the top right. Then, under Saved Passwords, tap the site you want to remove and select Delete.
  • To export your passwords, scroll to the bottom of your list of saved passwords and tap Export Passwords.

Turn Password Manager on or off

Open Chrome and go to More > Settings > Passwords, and toggle Save Passwords on or off.

Alternatives to Chrome

Chrome is far, far better than not using a password manager at all, but it does have some shortfalls. It doesn’t require you to create a strong master password for all your other passwords, meaning they’re all as vulnerable as your Chrome or Google Account password.

And the autofill function in Chrome Password Manager is a mixed blessing: great for convenience, reducing the process of signing into the sites you use most to simply clicking OK, but not so great for security. Hackers can impersonate websites that you frequent and steal your passwords as autofill drops them into their forms. When passwords guard financial information or sensitive data about your customers, contractors, and staff, that can be disastrous.

Yet at the same time, many alternative password managers improve security at the cost of poorer usability.

So, what’s better than Chrome Password Manager?

The winner: 1Password

1Password has better security than Chrome Password Manager. If someone gets access to your Google or Chrome account, they don’t automatically scoop up your other passwords too.

Here’s what you need to know about using it.

1Password features

Chrome Password Manager is ultimately only as secure as Chrome, which isn’t that secure. But 1Password adds security features like a Secret Key system, which uses 128-bit cryptography to provide you with a truly secret, non-replicable login credential. That makes your 1Password account much more secure than a normal web app like Chrome.

There’s also Travel Mode, which removes all your sensitive data, passwords, and login credentials from your devices when you travel, so they’re safe from searches when you cross borders. You can enable traditional 2FA as well.

And the company’s website boasts a potent mix of AES 256-bit encryption and PBKDF2, foregrounding its security credentials. They even have a bug bounty.
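An added illustration, not 1Password's own code or exact algorithm: a simplified sketch of why pairing a PBKDF2-stretched password with a random 128-bit secret means a stolen password alone does not unlock the vault. The function name, the iteration count and the way the two values are combined are assumptions made for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_unlock_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Combine a memorised password with a device-held random secret."""
    # Slow, salted stretch of the human-chosen password (PBKDF2-HMAC-SHA256).
    stretched = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, ITERATIONS, dklen=32
    )
    # Expand the high-entropy secret to the same length with a keyed hash.
    expanded = hmac.new(secret_key, b"unlock-key" + salt, hashlib.sha256).digest()
    # XOR the two: the 256-bit result is only reproducible with both inputs.
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def demo():
    salt = secrets.token_bytes(16)
    secret_key = secrets.token_bytes(16)  # 128 random bits kept on the device
    password = "correct horse battery staple"  # constructed sample value
    real = derive_unlock_key(password, secret_key, salt)
    again = derive_unlock_key(password, secret_key, salt)
    # Someone who learned the password but not the secret has to guess
    # all 128 bits of it; a wrong guess yields an unrelated key.
    guessed = derive_unlock_key(password, secrets.token_bytes(16), salt)
    return real, again, guessed


if __name__ == "__main__":
    real, again, guessed = demo()
    print("same inputs give same key:", real == again)
    print("password without the secret gives the key:", real == guessed)
```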

1Password has impressive usability too. There’s a browser add-on that works on Chromebooks and Linux as well as Mac and Windows machines, plus forward compatibility—not always a given with third-party applications.

Unlike Chrome, 1Password isn’t free, but it’s not expensive either. Pricing starts at $2.99 per month for a single user, billed annually, rising to $4.99 per month for a family of five, again when billed annually. Professional accounts for teams begin at $3.99 per user per month, and the $7.99 per month Business account offers document storage, VIP support, a custom role structure and access controls on document vaults. Both professional price plans offer integrations for organization-wide 2FA, Admin controls and unlimited vault storage. There’s a custom-priced enterprise plan too.

1Password is a password manager at its core, but its additional features indicate a commitment to security and privacy. So if you really want to keep your accounts secure, it’s worth going with.

How 1Password works

1Password stores all your passwords in an encrypted “vault.” Like Chrome Password Manager, it automatically fills in forms for sign-in on websites. Unlike Chrome Password Manager, you actually have to log in to 1Password before you can use it. Passwords can be stored either locally or in the cloud, in Dropbox and iCloud for example.

Setting up 1Password

When you sign up to 1Password, you’ll download a PDF containing some crucial information: the Secret Key we’ve already talked about, as well as a QR code that you’ll need to add other apps to your 1Password account.

Once you’ve downloaded 1Password and signed in, you need to click or tap Scan Account Details and scan the Setup QR code you received in the PDF. (If you don’t have that to hand, you can download it from the 1Password web app.)

For most users, their chief interaction with the 1Password tool will be via the browser extension, which must be downloaded separately.

Once that’s in place, the process for signing into a given website runs like this:

  1. Arrive at a website.
  2. When prompted by 1Password, click Save Login.

Using 1Password

When you create a new account, you can create a new 1Password record at the same time. There’s also the option to let 1Password create a new password for you, by clicking the 1Password icon in your browser, then Password Generator. Once you fill in your new password, 1Password detects and remembers it.

On mobile, you have to copy/paste passwords into your browser, though Safari has a native extension: tap the Share button, then 1Password, then select the login information you want to use. (It’s sometimes necessary to manually enable this button first.)

Honorable mentions: LastPass and Dashlane

These two take joint second place as relatively similar tools.

LastPass offers its users the same military-grade AES 256-bit encryption that protects 1Password’s users. Add MFA, local-only storage, and slightly lower costs than 1Password, and it clearly deserves consideration. Only a less user-friendly UX lets it down.

As for Dashlane, it’s known for offering better support and allows you to change multiple passwords at once. There’s also a great warning function that flags potentially weak existing passwords. Dashlane might be the more expensive of the two ($60 per year as opposed to $36) but those additional layers of security might make it worth your money.

So, should you use Chrome Password Manager?

If security is your top priority, Chrome Password Manager is far from the best tool on offer. 1Password or something similar is definitely more secure.

However, the best password manager is the one you actually use. Chrome’s effortless UI means you’re probably using it already without thinking about it, and a collection of strong passwords in Chrome is a lot more secure than the handful of easily broken passwords most of us are still using. Chrome Password Manager is better than no password manager at all.