If you look into your online footprint today, you’ll probably find out that you’ve signed up for hundreds of online services and websites. And unless you’re using a password manager, it’s hard to choose unique passwords for every one of them.
In case you’re wondering, it’s imperative to use strong and unique passwords for all your online accounts. Recently, there have been many reports of services being compromised and passwords being leaked and sold on the dark web. If you’re using the same passwords on multiple accounts, one such incident could put all your accounts at risk.
Password managers generate and store unique and strong passwords on your behalf. Integrated within web browsers and third-party apps, they also offer to autofill saved passwords into login forms, so you don’t have to remember them. Thus, they can be a lifesaver when it comes to securing your online accounts.
Must-have features for a password manager
Though there is now a flurry of options when it comes to choosing a password manager, the following are some of the key features that an ideal password manager should have.
Suggested Passwords & Autofill
A modern password manager should have the ability to generate unique passwords made of random characters, store them in the password vault and offer to autofill them during the login process. It should also have the ability to suggest a unique password when you’re signing up for a new online service.
Suggested passwords are useful as they eliminate predictability. The human mind is attracted to patterns and can’t memorize a random sequence of characters. So, when you’re choosing your own passwords, they usually consist of known dictionary words or character sequences, which are much easier to crack. A software-generated password is random and difficult to guess. And autofill takes away the need to remember them.
Generating random passwords is great, but when you have multiple devices, you should be able to access your passwords from any of them. Thus, an ideal password manager should store and sync passwords across all your devices. This will allow you to seamlessly log in to websites on your computers as well as mobile devices.
When it comes to syncing data across multiple devices, there’s usually the factor of your data being transmitted over the Internet via third-party servers. So, it’s important to ensure that no one except you can read your data.
A password manager should let users have control over their data. It should allow users to encrypt the password data locally on-device, in such a way that only the user can decrypt the information. This is also known as zero-knowledge encryption.
A password manager that ticks all the above boxes can be regarded as secure and reliable.
Over the years, Apple has built quite a robust password manager for its ecosystem that fulfills all of the above key conditions. And it’s free to use on as many macOS and iOS devices as you can own. It’s called the iCloud Keychain.
The keychain is integrated into Safari on macOS and iOS, automatically suggesting and storing unique passwords, as well as auto-filling them in login forms. It also syncs across multiple devices, but Apple does not have access to your Keychain data. When you add a new device under your Apple ID, the Keychain is downloaded to the device and decrypted locally.
The deep integration within the macOS and iOS operating systems enables iCloud Keychain to store and manage not only online passwords, but also Wi-Fi passwords, backup disk passwords, and various other offline data.
How to make Google Password Manager more secure
Until recently, there wasn’t an effective free alternative to iCloud Keychain for non-Apple users (Windows, Android). But, over the years, Google’s password manager, built into Chrome, has come close. Let’s take a look at what it has to offer and how to get the best out of it.
Evolution of the Chrome Password Manager
In the earliest days of the Chrome Password Manager, you had to choose your own passwords, and Chrome would automatically save them. There was no particular security measure implemented, and anyone with access to the browser would be able to view your passwords.
In the next iteration, Google Chrome protected user passwords with the system credentials. This was before mobile became mainstream, and most of the web browsing was done on computers. You could sync your passwords on any Chromium-based browser logged in with your Google credentials. Yet, there was no dedicated password manager accessible through the web interface.
Then came the modern Chrome Password Manager, which encrypted your saved passwords in the cloud using your Google credentials. This version is still available today, and you can access your passwords in Chrome on desktop and mobile, as well as on the web.
This version brought password sync between Chrome on Windows, Mac, Android, and iOS; suggested passwords came later, but it still wasn’t as secure as iCloud Keychain.
On the one hand, Google makes it easy to recover your passwords, as long as you have access to your Google account. It also occasionally gives you suggestions to change some of the weak passwords. However, at the time, it still lacked local encryption, which meant Google held the decryption keys to your passwords.
Regardless of the convenience, some users may not be comfortable trusting third parties with their confidential data. So, ideally, users should be given a choice between greater convenience and more security. In the latest iteration, Chrome’s Password Manager delivers that choice.
In Chrome’s Sync Settings, you can now choose whether to encrypt your synced passwords with your Google credentials or with a custom passphrase.
The first option is the default and works exactly as before. The second option, however, lets you use a custom passphrase (master password) to encrypt your synced passwords. The encryption or decryption happens locally on-device, and only the encrypted file is synced in the cloud.
With this option, Google doesn’t have the decryption keys to your saved passwords, and if you forget the passphrase, there’s no way to recover the data. And since Google can’t decrypt your passwords, the online password manager is also disabled in this case. It takes the trust factor away from Google and puts the control in your hands.
With the sync passphrase turned on, you would need to enter the custom passphrase on all the devices where you’ve signed into Chrome using the same Google account.
If you want to change your passphrase or go back to the regular Google password sync, you need to reset sync, sign out, and then sign back into all your devices to resume syncing passwords.
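To make the passphrase option concrete, here is an added sketch (not Chrome’s own code or its actual scheme) of passphrase-based local encryption in Node.js: the key is derived on the device, only the encrypted blob would be uploaded, and a wrong passphrase or a modified blob yields nothing. The choice of scrypt and AES-256-GCM, the function names, and the sample vault are all assumptions made for this illustration.

```javascript
// Added illustration of on-device, passphrase-based encryption (assumed design, not Chrome's).
const crypto = require('node:crypto');

// Stretch the passphrase into a 256-bit key. The salt is random but not secret.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, { N: 2 ** 14, r: 8, p: 1 });
}

// Runs on the device. The returned object is the only thing a sync server would store.
function encryptVault(passphrase, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return {
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Runs on another device after it downloads the blob and the user types the passphrase.
function decryptVault(passphrase, blob) {
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(passphrase, b(blob.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(blob.iv));
  decipher.setAuthTag(b(blob.tag));
  // final() throws if the key is wrong or the ciphertext was altered.
  const pt = Buffer.concat([decipher.update(b(blob.ct)), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Returns the vault, or null when the passphrase is wrong or the blob was modified.
function tryDecrypt(passphrase, blob) {
  try { return decryptVault(passphrase, blob); } catch { return null; }
}

// Constructed sample data, for demonstration only.
const vault = [{ site: 'example.com', user: 'alice', password: 'constructed-sample-1' }];
const blob = encryptVault('correct horse battery staple', vault);
console.log('stored remotely:', blob);
console.log('right passphrase:', tryDecrypt('correct horse battery staple', blob));
console.log('wrong passphrase:', tryDecrypt('not the passphrase', blob));
```

Because the server-side copy contains only the salt, nonce, tag and ciphertext, nobody holding that copy can recover the vault without the passphrase, which is also why a forgotten passphrase cannot be reset.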
More recently, Chrome’s password manager also began to integrate with other apps on Android, letting you save and auto-fill not only web passwords, but native app passwords as well.
Hence, with suggested passwords, local encryption, and enhanced multi-device support, Chrome’s Password Manager is as close as it gets to Safari’s Password Manager (or iCloud Keychain) on macOS and iOS.
How to use suggested passwords in Chrome
The following steps will help you create a secure password when you sign up for a new website.
- Open the URL for the new service for which you want to sign up, using Google Chrome.
- Click on Sign Up and fill in the required details.
- In the password field, a drop-down automatically appears with the Suggest Strong Password option. Select that option.
Chrome auto-fills the password field with the suggested strong password and saves it to the password manager so that you won’t have to remember it next time. Whenever you try to log in to the same service, Chrome will auto-fill the saved password.
Tip: If you’re not satisfied with the complexity of a suggested password any time, you can click outside the password field in the sign-up form, and then click on it once again. Google will suggest a different password this time. You can repeat this step as many times as required until you have a password that satisfies you.
Encrypt synced passwords with a custom passphrase in Chrome
The following steps will guide you to encrypt synced passwords with a custom passphrase in Chrome.
- Launch Google Chrome on your macOS or Windows computer.
- Go to Settings from the top right corner.
- Click on the arrow adjacent to Sync and scroll down to the Encryption options.
- Select the second option (i.e., Encrypt synced data with your own sync passphrase).
- Provide your custom passphrase to encrypt your synced passwords.
From now on, whenever you set up Chrome on a new device, you need to provide your custom passphrase in Chrome, by going to Passwords under the Autofill section. Your passwords won’t be viewable online while sync-passphrase-based encryption remains turned on.
The best free password manager
If you’re already into the Apple ecosystem, iCloud Keychain is your best option for password management. And, if you’re primarily a non-Apple user and your favorite web browser is Chrome, the updated Google Password Manager is as close as it gets to being an iCloud Keychain alternative. Google Chrome is available on all major operating systems, including macOS, Windows, iOS, and Android; its password sync feature works seamlessly across all the supported devices.
If you’re frequently using different devices spread across different ecosystems (such as Mac, Windows, iOS, and Android), opting for a third-party password manager with cross-platform support might be your best bet.
Alternatively, if you don’t want a paid solution, you can probably use both iCloud Keychain and Google Passwords simultaneously and keep an identical copy of password lists on both the services.
That way, you can continue getting autofill suggestions no matter what device you’re on. Chrome passwords would also serve as a backup of your Safari passwords. And if you ever get locked out of all your Apple devices, you would still be able to restore your iCloud Keychain from the copy of your passwords stored in Chrome.