Google Password Manager gets encryption on device, shortcut to home screen

As a Chrome user, we all know about its built-in password manager and how useful it can be to auto-fill saved passwords for us without much hassle. While many may opt for a more feature-rich third-party solution, Google’s proprietary offering stores your credentials in your Google account and, as long as you use the Chrome browser, it can be used on any device you choose. Google calls this service the Google password manager.

In the last months, Google Password Manager has acquired new features already offered by other paid services, such as the ability to manually add a website password without being prompted by that site, and the ability to add notes to saved passwords that may contain pertinent suggestions or information. Add that to its existing password checker feature and you have a compelling reason to let Chrome handle your password management needs, but Google isn’t done.

On-device encryption on Android, iOS, and Chrome

The tech industry is changing its views on passwords. It is inevitably moving towards more convenient and secure FIDO access standards without passwordsas Apple and Microsoft do with “passkeys”. Google is rolling out its version of passkey using several methods, one of which is On-Device Encryptionwhich has already started to be launched.

Today, when Chrome saves your password, it uses “standard password encryption,” which Google explains stores your encryption key in your Google account. To unlock it, you simply need to enter your Google account password plus any two-step verification method you have set up. Google then uses this key to decrypt your password and log in.

The next encryption on the device will be different as your passwords can only be unlocked on your device using your Google account password or biometric data. Since your device is now your key to unlocking your passwords, this guarantees it only you will be able to see them. Once encryption is set up on the device, it cannot be removed, and according to Google, “Over time, this security measure will be set up for everyone to help protect password security.”

According to 9to5Google, users can already start the process of setting up encryption on their device via their desktop or mobile Chrome browser, as well as the Password Manager website or the built-in Android experience (more info below). However, it is not yet widely distributed on the web, and on mobile devices they have only encountered it on Chrome Beta (version 103).

Home screen shortcut and built-in Android experience

To connect encryption on your Android device, Google is also rolling out a new integrated experience to access your passwords. You can always access Google Password Manager in Chrome by navigating to password.google.com and from your Android device Settings> Privacy> Google Autofill Service> Passwords menu. However, Google is now making it easy to access the native Password Manager experience on Android without having to tinker with all the menu options providing an easy to configure shortcut that you can add to your home screen.

To set up the Password Manager shortcut on your Android device, firstly, make sure you have the Google Play Services June update, necessary for it to work. Then, go to that of your device Settings> Privacy> Google Autofill Service> Passwords menu and tap the settings gear from Password Manager. From there, scroll down until you see a widget that allows you to “add a shortcut to your home screen” and proceed with adding the shortcut. You can now log into Google Password Manager at any time using that shortcut, which will use your device’s biometrics or lock screen for authentication.

Default state starting with Android Chrome 103

Finally, as noted by 9to5, Google will replace the standard password manager on Android Chrome with the more robust and native-looking Google password manager. They are essentially the same, except that the UI looks more like an Android app rather than the look and feel of an embedded webpage you get when you log into passwords.google.com. Sure, it’s still the same backend, but it’s one more step to connect to everything Android, including Chrome, when it comes time to enable encryption on your device.

If you want to check if the encryption on your device has been implemented in your account on the web, go to passwords.google.com and click on Settings. If available, you should see an option for “Set up encryption on device”. Similarly, you can check on your Android device by opening Password Manager, tapping Settings, then looking for the encryption option on the device.

As mentioned before, once encryption is set, you will not be able to disable it. Furthermore, if you lose your Google password and you don’t have access to any of the devices on which you are logged into your Google account, you risk losing all your passwords. That said, this is something we’ll all have to configure eventually, as at some point it will become the default authentication method for most platforms.

Leave a Comment