Is Google Password Manager Safe to Use in 2024?


Google Password Manager’s fast facts

Pricing: Free for all Google users.
Key features:

  • Password generator.
  • Password autofill.
  • Password checkup and alerts.
  • Password import and export.
  • On-device encryption.

Image: Google

If you find yourself mostly in the Google ecosystem for your day-to-day online activities, you may have wondered if the free Google Password Manager is safe enough as your sole password manager in 2024.

While Google Password Manager aims to simplify password management by offering some vital features, including — password storage, password generation, auto-filling, and security alert, the main concern remains — how safe is the tool in today’s cyber-threat-infested landscape?

In this 2024 Google Password Manager review, I looked into how the solution works, exploring its features, benefits, and drawbacks. I’ll also help you decide if it’s the right choice for your security needs and suggest alternatives if it doesn’t fit the bill.

What is the Google Password Manager?

This is a password manager offered by Google to help users manage, store, and auto-fill their passwords across websites and Google apps. As you’d expect, it’s integrated into Google’s ecosystem, including Chrome browser, Android OS, and Google Drive to allow you to save and sync your passwords to a Google Account. You can also use the tool on your iPhone, iPad, and computer by signing in to your Google account in Chrome. For other browsers like Safari, Edge, and Firefox, you must sign in with a passkey.

How does Google Password Manager work?

Google Password Manager is not like many other dedicated password managers that make it easy to access your passwords on any device or browser. It’s entirely Google-specific, meaning it can only work well with the Google Chrome browser on Android devices. However, you can still access the tool if you are on the iOS train, but you will have to log in to your Google account to make it work.

SEE: Are Password Managers Safe to Use? (TechRepublic)

From my first-hand experience using an Android device, Google Password Manager can perform the functions I explained below.

Password generation

Google Password Manager can generate secure, random passwords for you when signing up for a new website or app. Using the feature is simple, as all you need to do is click on the password text box and then on the “Suggest Strong Password” drop-down menu. You can keep clicking Suggest Strong Password for more options. The dialog box will remind you that Google Password Manager will save your selected password.

Google Password Manager prompts you to generate a password.
Figure A: Google Password Manager prompts you to generate a password. Image: Franklin Okeke

Password autofill

This feature helps you autofill your saved passwords or usernames when you visit a website or open an app synchronized with your Google account. You may be prompted to confirm the auto-filled credentials or select from multiple saved accounts.

Password checkups and alerts

Google keeps your account safe from attacks with Password Checkup. The tool checks your saved passwords against databases of known security breaches. It alerts you if your passwords are weak, reused, or compromised and provides recommendations for creating strong passwords.

Google Password Manager checks for compromised passwords.
Figure B: Google Password Manager checks for compromised passwords. Image: Franklin Okeke

Password import and export

Google can allow you to export or import your passwords to the Google Password Manager in Chrome. During testing, I noticed I can only import passwords in the .csv file format to Google Password Manager. And the imported passwords are capped at the 3,000 maximum limit. To import more, I had to split the passwords into multiple .csv files and import the files separately.

Google Password Manager’s import and export options.
Figure C: Google Password Manager’s import and export options. Image: Franklin Okeke

On-device encryption

With this encryption method, Google uses your device to encrypt your passwords before they’re stored in Google Password Manager. This ensures that only you have access to your passwords. However, you need to be careful when you turn on this feature because if you lose the key, you also risk losing access to your passwords.

How to access your Google Password Manager on Chrome

To access the Google Password Manager tool on Chrome, follow this step below:

Sign in to your Google account in Chrome > Tap the three dots in the top right corner of the window > Navigate to Settings and click the button > Click Google Password Manager.

From the Password Manager tab, you can see a list of your saved passwords, perform password health checkups, and a Settings option to perform password export and import.

What are the downsides of Google Password Manager?

Although the Google Password Manager allows for safe password generation, password checkup, and other features, it may not be the optimal solution or be considered one of the best free password managers. Here are a few drawbacks to the tool that I noticed during testing:

Unclear security encryption

Google Password Manager’s encryption methods are not thoroughly detailed for users. Again, the platform’s code is not open source, so there’s no way to verify whether your data is secure, and this may raise concerns about the safety of your sensitive information.

Works well with only Chrome

Google Password Manager is built into Chrome (on all platforms) and every Android app. So, if you fondly use a different web browser, you might find it difficult to use the tool. To use your Google-saved passwords on browsers like Safari, Edge, and Firefox, you must first sign in with your passkey.

SEE: 5 Best Free Password Managers for 2024 (TechRepublic)

Weak two-factor authentication

When you log into your Google account from a new device, Google uses two-factor authentication to confirm your identity. However, I noticed that 2FA isn’t required before accessing your saved passwords, and this is a major security concern since your passwords can be accessed once an attacker gets your Google account login details.

Lacks some advanced features

I also found that Google Password Manager does not offer some advanced features found in other dedicated password management services like NordPass and 1Password. For instance, it lacks a built-in 2FA feature, the option to create hide-my-email aliases, encrypted vault functionality, the capability to securely share passwords with others outside the Google ecosystem, a standalone app, etc.

What Reddit users say about Google Password Manager

I checked some Reddit communities to see the opinions of other real-world users on Google Password Manager. Here is a summary of what they are saying:

Some Reddit users I found in a Yubikey community believed that using Google Password Manager is way better than not using any password manager at all. Even though the tool can’t give you the robust security available in some dedicated password managers like 1Password and Bitwarden.

SEE: 5 Best Password Managers for Android in 2024 (TechRepublic)

Other users were also worried about the safety of their passwords or credentials, like this Reddit user in a cybersecurity community who asked — “I’ve been considering using a password manager, but from my admittedly poor understanding, it seems like that makes a single point of failure. How are these passwords stored? If someone got access to my Google account, would they suddenly have access to every service I use with my credentials stored in the password manager?”

In addressing the question in the cybersecurity community, some users argued that attackers can lay hands on your saved passwords once they gain access to your Google account. Others suggest it’s better to choose a dedicated password manager with less attack surface or activate multi-factor authentication if you must continue using Google Password Manager.

Google Password Manager alternatives

If you are not satisfied with the Google Password Manager and want to try a dedicated password manager instead, here are the top Google Password Manager alternatives I tested during this review.

Features Google Password Manager 1Password NordPass Keeper
Biometric login Yes Yes Yes Yes
Platform compatibility Android, Chrome, (iOS via Chrome). Firefox, Edge, and Safari with Passkey macOS, iOS, Windows, Android, Linux, Chrome, Firefox, Edge, Brave, and Safari Windows, macOS, Linux, ChromeOS, Android, iOS, Chrome, Firefox, Opera, Edge, Safari, Vivaldi, and Brave Chrome, Safari, Firefox, Edge, Opera, Brave, IE, Windows, Mac, Linux, Android, iOS
Encryption Encryption of an unspecified type AES-GCM-256 authenticated encryption XChaCha20 encryption algorithm AES 256-bit encryption
Two-factor authentication Yes Yes Yes Yes
Password sharing Yes, but only those in your Family Group Yes Yes Yes
Password generation Yes Yes Yes Yes
Password auditing No Yes Yes Yes
Free version Free for all Google account owners Free to try for 14 days Yes Yes
Starting price Completely free $2.99 per month $1.59 per month $2.92 per month
Visit 1Password Visit NordPass Visit Keeper Security

NordPass: Best password manager alternative to Google Password Manager

NordPass logo.
Image: NordPass

NordPass offers good password security for personal and professional use at a reasonable price. It protects your accounts by using the xChaCha20 encryption algorithm. Aside from having important features like breach scanner, encrypted vault, and password health, it also has a new feature called email masking, which you can use to protect your email address online. Google Password Manager, on the other hand, isn’t open about its security encryption method; while having breach scanner equivalent in password checkup, the process itself isn’t zero-knowledge.

1Password: Best alternative to Google Password Manager for cross-platform compatibility

1Password logo.
Image: 1Password

1Password is a highly secure and feature-rich password manager with an easy-to-use Chrome extension. 1Password allows you to securely share logins, credit cards, and more with people. One thing I like about 1Password over Google Password Manager is that you can create expiring links to share single items with anyone — even if the person doesn’t use 1Password. Again, unlike Google Password Manager, which only works well with the Chrome browser, 1Password on the other hand has browser extensions for Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple’s Safari.

Keeper: Best Google Password Manager alternative for enterprise usage

Keeper logo.
Image: Keeper

Keeper is a good password manager that combines stringent security features with a user-friendly experience. I picked Keeper as a good alternative because it provides real-time data on security risks with comprehensive visibility, control, event logging, and reporting suitable for large enterprises. It has also passed an independent security audit, which ensures user data is secure. In contrast, Google Password Manager doesn’t present you with any form of visibility into password management, and it has not been audited due to its closed-source nature.

Is a dedicated password manager worth it in 2024?

While Google Password Manager can give you some basic password management features, including password generation, auto-filling, and password checkup, it still cannot be compared to dedicated password managers in many other areas beyond the basic features.

SEE: 5 Reasons Why You Should Use a Password Manager (TechRepublic)

Today’s online landscape is fraught with many cyber threats, and only a dedicated password manager can offer advanced features like zero-knowledge encryption, cross-platform compatibility, travel mode, and secure password sharing and inheritance options for adequate security. Larger enterprises can also find dedicated password managers more useful due to their customization, independent company focus, and better customer support systems.

So, the choice of your password manager depends on your online security needs. But one thing I would advise is that if you’re a large enterprise, it would be better to go for a dedicated password manager, but if you only need a password manager for basic, individual protection, then the Google Password Manager is a good option since it’s entirely free.

FAQs

Can Google password manager be trusted?

While better than having no password manager, Google Password Manager’s security leaves much to be desired. Its closed-source nature and lack of zero-knowledge encryption should be of great concern.

SEE: Why Your Business Needs Cybersecurity Awareness Training (TechRepublic Premium)

Is Google password checkup safe?

Yes. Google password checkup helps you to get details on any password exposed in a data breach and any weak, easy-to-guess passwords in your Google Password Manager.



Source link