We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
Google Password Manager
RG2015
Posts: 6,043 Forumite
Does anyone have any comments on Google Password Manager?
This appears to have superseded the Chrome Browser password store although I do not recall seeing any notification of this.
I assume that this is as secure as any other password manager but I would not know how to verify its security credentials. Any help here would be much appreciated.
This appears to have superseded the Chrome Browser password store although I do not recall seeing any notification of this.
I assume that this is as secure as any other password manager but I would not know how to verify its security credentials. Any help here would be much appreciated.
0
Comments
-
After the most recent Chrome update an extra window appeared with details of the new password manager, maybe you missed it.2
-
I don't know what the 'Chrome Browser Password store is', Chrome has featured the Google Password Manager for many years now (though recently they have been actively been pointing it out).
People have a misunderstanding on how password managers work and apply undue pessimism on their security.
Firstly and most importantly, GPM features 256-bit encryption (as do all of them) and end-to-end encryption. Despite what everyone thinks, Google does not have a database that says:
Username Password
Exodi Password1!
Martin_Lewis M53xpert
The data is encrypted with the keys held on peoples browsers. So the data on Googles servers would a muddled jumble of numbers and letters - the head of Google couldn't even find out someones username or password if they wanted to, the keys are specific to the users browsers.
To this end, even if someone did manage to hack Googles database (which you can expect would have world-leading security as they are one of the biggest tech companies on the planet), the data they would gain would effectively be useless.
Security breaches related to password managers are usually a consequence of someone accessing your Google account - which commonly happens when your login details are leaked on a database from a smaller website breach (and hackers usually try the details on numerous websites as most people use the same password for everything).
2FA solves most of this risk though. 2FA + Password Manager is more than secure in my opinion.Know what you don't3 -
It appears that uk.pcmag.com has some reservations about using Google password manager.
https://uk.pcmag.com/password-managers/145831/warning-dont-let-google-manage-your-passwords
0 -
Personally I don't use any browser based password managers, or proprietary password managers that do not open source the code for scrutiny by the community.
Bitwarden is one which meets those criteria and is highly recommended by security experts. They have plugins for most browsers, so it works pretty much seamlessly across multiple browsers (and apps) on multiple devices and platforms.2 -
Thank you for your post but I have to admit I don't understand.400ixl said:Personally I don't use any browser based password managers, or proprietary password managers that do not open source the code for scrutiny by the community.
Bitwarden is one which meets those criteria and is highly recommended by security experts. They have plugins for most browsers, so it works pretty much seamlessly across multiple browsers (and apps) on multiple devices and platforms.
For example how am I meant to make an informed decision when different people say completely different things.
You mention security experts but who are these people?
Furthermore what exactly do you mean by open source the code for scrutiny by the community? It sounds like this would make it easier for the hackers to break in to it?1 -
RG2015 said:It appears that uk.pcmag.com has some reservations about using Google password manager.
https://uk.pcmag.com/password-managers/145831/warning-dont-let-google-manage-your-passwordsWhat the Experts Say About Browser Password Managers
To supplement my own knowledge and experience, I called on experts from several well-known commercial password manager companies, including Craig Lurey, co-founder and CTO of Keeper; NordPass CTO Tomas Smalakys; and Michael Crandell, CEO at Bitwarden.
--
In other news, the heads of Sainsbury's, Asda, Aldi and Lidl recommend against shopping at Tesco.
Know what you don't5 -
When you read what security "experts" say and then read what Joe Bloggs says about them, then read what the NCSC says about them, the only conclusion you come to is that these are opinions - and opinions are like backsides, because everybody's got one...The NCSC (National Cyber Security Centre) says "When you're logging into your online accounts, most web browsers (such as Chrome, Safari and Edge) will offer to save them for you. It's safe for you to do this on your own device", which contradicts the "expert" in the article posted above.I'd be inclined to say just do whatever works for you - password manager, browser password manager, post it notes stuck on the fridge...1
-
By open sourcing the code, you can see if it does what it says it will and has no back doors etc. Open sourcing doesn't make it less secure because the security comes from the encryption.RG2015 said:
Thank you for your post but I have to admit I don't understand.400ixl said:Personally I don't use any browser based password managers, or proprietary password managers that do not open source the code for scrutiny by the community.
Bitwarden is one which meets those criteria and is highly recommended by security experts. They have plugins for most browsers, so it works pretty much seamlessly across multiple browsers (and apps) on multiple devices and platforms.
For example how am I meant to make an informed decision when different people say completely different things.
You mention security experts but who are these people?
Furthermore what exactly do you mean by open source the code for scrutiny by the community? It sounds like this would make it easier for the hackers to break in to it?
As users of some losed source commercial password managers (eg LastPass) found, it's only when a massive breach occurs that you know there are problems. An open source manager can be analysed by real security experts who can also verify a particular installation is intact and not compromised.2 -
The fundamental question is:Do you believe that Google can be trusted with your passwords?1
-
I was slightly concerned when I started this thread but now I am not.John_Gray said:The fundamental question is:Do you believe that Google can be trusted with your passwords?
I am grateful for all the responses and see no reason not to continue using Google password manager.
1
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 349.7K Banking & Borrowing
- 252.6K Reduce Debt & Boost Income
- 452.9K Spending & Discounts
- 242.7K Work, Benefits & Business
- 619.4K Mortgages, Homes & Bills
- 176.3K Life & Family
- 255.6K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 15.1K Coronavirus Support Boards