Google Chrome's new password manager makes securing Chrome even more important

Google's Chrome 69 includes a nifty new password manager that promises to make third-party password managers unnecessary by both generating and storing site passwords. But that makes securing Google's main password even more important.

Credit: Rob Schultz

If you’re a person who hasn’t bothered with a password manager—though you probably should—you may be excited to hear that the updated Google Chrome 69 includes better password management, and even a password generator. Beware, though: This new feature makes it even more important to lock down Chrome itself. 

Google has offered a built-in password manager since around 2015, when it began offering to store passwords within the browser as part of its Smart Lock feature. (Chrome had stored passwords even before then, though the way it had done so was considered by some to be really insecure.) 

Now, however, Google takes it a step further. It offers to create a random password the first time you log into a new site, like so:

imgur test account Mark Hachman / IDG

Sign up for a new account on a Web site and Google Chrome 69 will offer to generate a new, random password.

Chrome then offers to store that password within the browser. The next time you log into the site (if you allow it), Google will use that stored, randomized password to log in. 

Naturally, this makes it extremely easy for Chrome users to generate “secure” passwords for each new site, because the password Chrome creates is essentially just a mishmash of numbers and letters. (It’s not clear whether Chrome will automatically generate passwords that are compliant with a site’s rules—think the "XX minimum characters, one number, one special character" rules that you’ll find on some sites—though the passwords I generated on a test site conformed.)

Be sure Chrome isn’t the weak link

The more keys you store in Chrome’s lockbox, though, the more you’ll want to ensure that Chrome itself is totally secure. First, be aware that if you store a randomized password for a site like Netflix within Chrome, you’ll still have to enter that password if you access Netflix within an app or on a streaming device that doesn’t use Chrome as an interface. Fortunately, all of your passwords should still be accessible via, where you can search for the site name and reveal each individual password, then type it in.

Do so, though, and you’ll probably be amazed at the number of passwords you stored within Chrome for convenience’s sake. (Consider eliminating some of these.) To access them, you’ll first need to type in your Google account password.

It’s that master password that you’ll need to secure absolutely. Ensure it’s unique. If you choose simply to memorize it, make sure it’s a lengthy passphrase with enough randomization inside it to fool bots and spies alike. (Something like “HowN0w,Browncat?numnumtime!” is both memorable and complex.) Never save this password in a spreadsheet, or a sticky note, or in a saved email.

The site asks for your Google password before divulging the master list. Be aware that if you use more than one browser, your password might be stored like any other. In Windows’ Microsoft Edge browser, for example, the Edge password manager doesn’t reveal any of the stored passwords—but if you carelessly allowed Edge to store your Google password in its master list, an attacker could log into Google’s master password list with a single click, and without knowing any of your carefully memorized passwords. Within seconds, the attacker could reveal your banking password, then close the tab and you’d be none the wiser.

Windows 10 dynamic lock retry Mark Hachman / IDG

You can help lock down your PC by turning on Windows 10’s Dynamic Lock.

(Go to Edge’s Settings > Advanced Settings > Manage passwords, then right-click a given site and click remove credential to erase these stored passwords. You can also make sure your PC locks automatically if a synced phone goes out of range through a Windows feature called Dynamic Lock: Go to Settings > Sign-in Options > Dynamic Lock.)

Convenience can weaken two-factor authentication

You’ve probably heard of two-factor authentication—combining something you know, such as a password, with something you own, like a phone. You should already have two-factor authentication turned on for your Google Account, so when you log into Google on a new PC you’ll be asked for your password, then a code will be sent to your phone via the Google Authenticator app.

Over time, though, you may be tempted to allow Google to "trust this computer," or assume that it’s you typing in your password. While you save time, you’re also robbing yourself of some of the security two-factor authentication offers. 

google account two factor Mark Hachman / IDG

Google’s account controls will help you perform a security checkup, including an easy way to download the Authenticator app.

Don’t worry, though. Within, there are controls to ensure that two-factor verification is turned on, plus a control to revoke trusted status from your logged-in devices. You won’t be able to pick—the control revokes status for all of your trusted devices. But as Chrome becomes more entrenched in securing access to your data, the idea is that you’re placing more safeguards upon it. 

If two-key authentication still isn't enough, additional layers of security like the YubiKey hardware dongle have been around for half a decade or so. Many of you will opt for the convenience of leaving everything within Chrome, however. 

Chrome 69 also includes such features as a reworked UI and an "omnibox" search box that will start to return results as well as auto-suggest search queries. But the upgraded password manager is the most important feature releasing in conjunction with Chrome's tenth anniversary. As the most popular PC browser by far, it’s also the one that you’ll probably be asked to use in the near future.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
Mark Hachman

Mark Hachman

PC World (US online)
Show Comments

Brand Post

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Jack Jeffries


As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr


The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Aysha Strobbe

Microsoft Office 365/HP Spectre x360

Microsoft Office continues to make a student’s life that little bit easier by offering reliable, easy to use, time-saving functionality, while continuing to develop new features that further enhance what is already a formidable collection of applications

Michael Hargreaves

Microsoft Office 365/Dell XPS 15 2-in-1

I’d recommend a Dell XPS 15 2-in-1 and the new Windows 10 to anyone who needs to get serious work done (before you kick back on your couch with your favourite Netflix show.)

Maryellen Rose George

Brother PT-P750W

It’s useful for office tasks as well as pragmatic labelling of equipment and storage – just don’t get too excited and label everything in sight!

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?