If you’re a person who hasn’t bothered with a password manager—though you probably should—you may be excited to hear that the updated Google Chrome 69 includes better password management, and even a password generator. Beware, though: This new feature makes it even more important to lock down Chrome itself. 

Google has offered a built-in password manager since around 2015, when it began offering to store passwords within the browser as part of its Smart Lock feature. (Chrome had stored passwords even before then, though the way it had done so was considered by some to be really insecure.) 

Now, however, Google takes it a step further. It offers to create a random password the first time you log into a new site, like so:

imgur test account Mark Hachman / IDG

Sign up for a new account on a Web site and Google Chrome 69 will offer to generate a new, random password.

Chrome then offers to store that password within the browser. The next time you log into the site (if you allow it), Google will use that stored, randomized password to log in. 

Naturally, this makes it extremely easy for Chrome users to generate “secure” passwords for each new site, because the password Chrome creates is essentially just a mishmash of numbers and letters. (It’s not clear whether Chrome will automatically generate passwords that are compliant with a site’s rules—think the “XX minimum characters, one number, one special character” rules that you’ll find on some sites—though the passwords I generated on a test site conformed.)

Be sure Chrome isn’t the weak link

The more keys you store in Chrome’s lockbox, though, the more you’ll want to ensure that Chrome itself is totally secure. First, be aware that if you store a randomized password for a site like Netflix within Chrome, you’ll still have to enter that password if you access Netflix within an app or on a streaming device that doesn’t use Chrome as an interface. Fortunately, all of your passwords should still be accessible via passwords.google.com, where you can search for the site name and reveal each individual password, then type it in.

Do so, though, and you’ll probably be amazed at the number of passwords you stored within Chrome for convenience’s sake. (Consider eliminating some of these.) To access them, you’ll first need to type in your Google account password.

It’s that master password that you’ll need to secure absolutely. Ensure it’s unique. If you choose simply to memorize it, make sure it’s a lengthy passphrase with enough randomization inside it to fool bots and spies alike. (Something like “HowN0w,Browncat?numnumtime!” is both memorable and complex.) Never save this password in a spreadsheet, or a sticky note, or in a saved email.

Source link


Please enter your comment!
Please enter your name here