Quick Links

Key Takeaways

  • Google Chrome's password manager is convenient but has downsides. Hackers can access your passwords stored in your Google account.
  • There is no additional protection if you don't use a password for Chrome's password manager. Hackers can easily access your passwords.
  • Your Chrome passwords can be viewed online and are saved locally on your PC. Take steps to strengthen your password security.

Letting Google Chrome remember all your passwords is convenient, but it has downsides. With the proper tools, a hacker can view all the passwords stored on your Google account and use them to break into your online accounts.

Here's how to view your Chrome passwords from anywhere—and why you may not want to do so.

How Google Chrome's Password Manager Works

The Google Password Manager is integrated into the Chrome browser and is toggled in the settings. You can access the password manager by clicking the three dots in the top right of the browser and then choosing Settings. Once you're in the settings, select Autofill and passwords on the left, then select Google Password Manager.

Opening the Chrome Password Manager

You can also point your browser towards "chrome://password-manager/passwords" to see them.

Whichever route you take, the Chrome Password Manager will show you all the website login details you've saved to it. You'll see each username stored for each website and a password field masked by dots. When you click the eye icon next to the password, Chrome will ask you for your operating system profile's password or PIN. Once you've done this, Chrome will reveal the password you requested.

Clicking the eye icon on the Chrom Password Manager

The Downsides of Google Chrome's Password Manager

Using Chrome Password Manager is very convenient. It syncs your password between your devices and automatically fills in forms on any PC you need to sign in. If you need to remember a password (for example, if autofill doesn't do its job), you can use the manager to remind yourself what the password is.

Unfortunately, the Google Chrome Password Manager does have its downsides. It's worth taking these into account, so you can protect your passwords—that is if you still want to keep Chrome's Password Manager after you learn about the negatives!

There's No Additional Protection If You Don't Use a Password

Remember how Chrome's Password Manager asks for the password or PIN you use to log on? Things get a little worrying if you don't use a login code. Without a login code, someone can sign in to your profile, boot up Chrome, and look at all the passwords they want without any security checks.

Even if you use a PIN or a password, a hacker can access your password if they learn the code. At the time of writing, there's no way to add two-factor authentication to the Chrome Password Manager; if someone knows your PIN or password, there's little stopping them from accessing it. Furthermore, as Chrome Password Manager has an export all passwords option, you might find your entire password list compromised in seconds.

Also, if you frequently re-use passwords (this bad practice is a security risk, by the way), the intruder can use this bad habit to crack open your other accounts without needing to see every password. All they need is the website you visit and your username, and they have a "skeleton key" that unlocks any of your accounts.

Your Chrome Passwords Can Be Viewed Online

Near the top of the password manager settings page in Chrome, you'll see the sentence "View and manage saved passwords in your Google Account." You can click the words "Google Account" to go to passwords.google.com.

When you visit this link, Google will show you all the login details for every account you've stored with Chrome. You can view your passwords here, too; you just have to pass a Google Account password check before you see them. This means someone with your Google password can view all your account details remotely.

Fortunately, Google has geolocation tracking turned on by default, so someone logging in from a foreign country will be flagged as suspicious and denied entry. However, if the person snooping on your passwords is using the same connection as you, they can skip this check.

Your Chrome Passwords Are Saved Locally

On top of all this, all your login details are saved onto your PC. Don't believe us? On Windows, go to "C:\Users\[user]\AppData\Local\Google\Chrome\User Data\Default," where [user] is your username. Then, open the "Login Data" file in a text editor.

You should see the websites you've saved and the username for each one. Fortunately, the password is encrypted, but there are tools online that can decrypt this file. As such, if someone gets their hands on this file, they can get all your login details with a little bit of work.

How to Strengthen Your Chrome Password Security

As you can see, there's a lot that can go wrong with Chrome's Password Manager. However, if you can't bring yourself to axe the feature, there are ways to strengthen your security.

Password Protect Your Operating System

To start, put a password or PIN code on your operating system. It may be an annoying hurdle if you're the only one using the computer, but it gives you that added defense against prying eyes. Plus, it's a good defense if anyone tries to access your PC without your permission.

Protect Your Google Account With Two-Factor Authentication

You can also set up your Google Account for two-factor authentication. That way, if someone tries to access the passwords page for your account, they'll need a second code to proceed. All you need to do is keep the code safe, and your passwords are secure.

Use the Chrome Password Manager's On-Device Encryption

If you're worried about the Login Data file mentioned earlier, you should enable Chrome's on-device encryption. This will properly encrypt the Login Data file, so you don't need to worry about people stealing data from it.

To enable this feature, visit passwords.google.com and click the cog icon at the top right.

Clicking the cog icon

Then, under On-device encryption, click Set up.

Setting up on-device encryption

Google will guide you through the process of setting up encryption. Once it is set up, there's no way to remove it again, so make sure you're certain you want to do this. Also, some websites won't automatically log you in once you encrypt your data.

Use a Third-Party Password Manager

If you want more control over your passwords, try a third-party password manager instead. That way, you're not bound to Google's way of handling your data.

Make Your Passwords More Memorable

If you rely on a password manager to keep your accounts in check, you may be setting passwords that are hard to remember. Having a plan that creates memorable passwords for every website without re-using the same one is a good idea.

If you always forget passwords, check out how to create a strong password you won't forget.

Is the Chrome Password Manager Safe to Use?

The Chrome Password Manager is a convenient way to store and manage passwords. It is generally safe to use, especially for users who primarily operate within the Google ecosystem, encrypting passwords with the user's Google Account credentials, adding a layer of security.

However, its safety depends significantly on the strength of your Google Account password and other security features, such as two-factor authentication. While it's less secure than a dedicated password manager, which typically offer better security features and encryption methods, it provides a decent level of protection for everyday use.

So, with all that said, it all comes down to you weighing up convenience against the potential risks and considering your personal security needs when deciding to use Chrome's Password Manager.