If you’re someone the password manager doesn’t bother you – although you probably should – you may be excited to hear that the updated Google Chrome 69 includes better password management, and even a password generator. Beware, though: This new feature makes it important to secure Chrome itself.
Google has introduced a built-in password manager since around 2015, when it began offering to store passwords within the browser as part of the Smart Lock feature. (Chrome stored passwords even before, although the way some did consider them really unsafe.)
Now, however, Google is a step forward. Creating a random password provides the first time you sign in to a new site, such as:
Sign up for a new account on a website and Google Chrome 69 will offer to generate a new random password.
Chrome then offers to store this password in your browser. The next time you sign in to the site (if you allow it), Google will use your stored and random password to sign in.
Of course, this makes it easier for Chrome users to create “secure” passwords for each new site, since the password Chrome creates is just a combination of numbers and letters. (It’s unclear whether Chrome will automatically create passwords that comply with site rules – think of the “minimum XX, one, one letter” rules you’ll find on some sites – despite the passwords you created in the test The site is compatible.)
Make sure Chrome isn’t the weak link
However, the more keys you store in the Chrome Security Box, the more you want to make sure that Chrome itself is completely secure. First, be aware that if you store a random password for a site like Netflix inside Chrome, you still have to enter that password if you access Netflix in an app or on a streaming device that doesn’t use Chrome as an interface. Fortunately, all your passwords can still be accessed through passwords.google.com, where you can search for the site name and reveal each individual password, then type it.
You can do this, and you’ll probably be surprised at how many passwords you have stored inside Chrome for convenience. (Consider removing some of these items.) To access them, you’ll first need to type your Google Account password.
This is the master password that you will need to fully secure. Make sure it is unique. If you simply choose to save it, make sure it’s a long passphrase with enough randomness inside to fool both bots and spies. (There is something like “HowN0w, Browncat? Numnumtime!” Is unforgettable and not complicated.) Never save this password in a spreadsheet, sticky note, or in a saved email.
Passwords.google.com asks for a Google password before revealing the main menu. Be aware that if you use more than one browser, your password may be stored like any other browser. In the Microsoft Edge browser, for example, the Edge Password Manager does not detect any of your stored passwords – but if you indifferently allow Edge to store your Google password in its main list, an attacker can sign in to your Google password list using a click One, without knowing any of the saved passwords carefully. Within seconds, the attacker may reveal your bank password, then close the tab and you won’t be wiser.
You can help lock your computer by turning on Dynamic Lock for Windows 10.
(Go to Edge settings> Advanced settings> Manage passwords, right-click a specific location and click Remove credentials to clear these stored passwords. You can also make sure your computer is automatically locked if the synced phone is out of range via Windows is called Dynamic Lock: Go to Settings> Sign in options> Dynamic Lock.)
Convenience can weaken two-factor authentication
You may have heard of two-factor authentication – combining something you know, like a password, with something you own, like a phone. Two-factor authentication must already be turned on for your Google Account, so when you sign in to Google on a new PC, you’ll be prompted for your password, and a code will be sent to your phone via the Google Authenticator app.
Despite the passage of time, you may be tempted to allow Google to “trust this computer,” or assume that you are typing your password. While saving time, you also steal some two-way authentication offers.
Google Account controls will help you perform a security check, including an easy way to download the Authenticator app.
Don’t worry, though. Under myaccount.google.com, there are controls to ensure that 2-factor verification is turned on, as well as a control to cancel the trusted status of your signed-in devices. You won’t be able to choose – the control overrides the status of all trusted devices. But because Chrome is becoming more established in securing access to your data, the idea is that you put more precautions on it.
https://www.keyquery.com/internet/google-password-generator/
