Credential theft poses a serious threat to online privacy and security as it can lead to identity theft and financial loss. In response to this risk, many online users turn to password managers to protect their sensitive information. One such solution is Google Password Manager, a tool integrated into the Chrome browser. But is Google Password Manager safe? 

This article will examine various aspects of this password manager to help you determine if it's the right tool for safeguarding your passwords and personal information. We'll also introduce virtual cards, which can be useful for protecting your financial details.  

Disclaimer: The information in this review is valid as of July 2024. Google Password Manager's features may change with time. For up-to-date information, please visit the Google Chrome Help site.

How Secure Is Google Password Manager?

To determine whether Google Password Manager is secure, we'll examine six critical areas that may affect its overall security standing:

1. Encryption
2. Password autofill
3. Additional authentication
4. Password checkup and security alerts
5. Automatic password generation
6. Backup options

Encryption

Encryption is central to every password manager's security architecture. It ensures that only authorized parties with the encryption key can read the passwords. Google Password Manager uses two methods to encrypt passwords^[1]:

• The standard password encryption encrypts passwords in transit, on their way to Google's storage, and while in storage. The encryption key is stored within the user's account, where Google can use it to decrypt passwords when needed. 
• On-device encryption lets users encrypt data using their Google password or screen lock. Google claims only the user can decrypt the passwords on their device, implying that it doesn't have access to the encryption keys. 

On-device encryption is optional, but Google plans to apply it to all accounts eventually^[1]. The fewer people or systems that can access users' encryption keys, the more secure they are.

Google doesn't disclose the specific standards used for encrypting passwords, and it doesn't go into details about its security architecture regarding password management. Users who want a password manager that provides more information about how it secures passwords might opt for Keeper, LastPass, or 1Password. 

Password Autofill

Google Password Manager has an autofill feature^[2], which lets Google's Chrome browser fill out users' stored credentials when logging into their website accounts. Besides being convenient, autofill also boosts security in several ways:

• It provides protection against keyloggers, malicious software that captures information when users type it.
• It helps prevent users from becoming victims of phishing attacks, where hackers mimic legitimate websites to steal users' information. 
• It eliminates the need for copying/pasting passwords, which potentially exposes passwords by leaving them in the clipboard where other apps can access them.

Additional Authentication 

Password managers can enhance security by requiring an additional form of authentication before allowing users to access, manage, or use stored passwords.

While Google protects users' accounts with two-factor authentication (2FA)^[3], Google Password Manager also lets users set up biometric authentication when filling in passwords^[4]. Users have two options, depending on their device:

1. On PC, they can turn on authentication via Windows Hello. 
2. On Mac, they can turn on authentication via TouchID.

Password Checkup and Security Alerts

Google Password Manager has a Password Checkup feature that monitors the safety of stored passwords^[5]. When users open the Checkup menu in the tool, it shows them three critical areas that might need intervention:

1. Weak passwords
2. Reused passwords
3. Passwords compromised in data breaches
   ‍

Google can also send alerts to notify users if their passwords are exposed in breaches^[5], helping maintain the overall security and integrity of users' credentials.

Automatic Password Generation

Google Password Manager offers automatic password generation^[6] to help users create complex passwords that are difficult for attackers to guess or crack. This feature makes it easier for users to create strong passwords and avoid reusing old ones. 

Backup Options

Google Password Manager allows users to export passwords for backup purposes^[4], ensuring they have a copy of their credentials in case of data loss or if they choose to switch to another password manager. 

This export feature provides flexibility but requires careful handling to avoid exposing sensitive information.

Can I Trust My Password Manager With All My Sensitive Data?

Using a password manager, even a browser-based one like those offered by Chrome, Firefox, Edge, Safari, or Opera, can help safeguard your credentials and promote good password hygiene. A reputable standalone password manager—Dashlane, NordPass, Proton Pass, or Bitwarden, among others—might offer even more security measures and features. This makes them a good choice for storing other sensitive information, such as payment card info. 

While password managers can be secure enough to store your sensitive information, the protection only extends until the information is shared. As soon as you enter your card details at checkout and make a payment, the security of your sensitive financial information depends on the merchant.

Virtual cards allow you to extend the protection of financial data beyond what a password manager can offer. They can act as a stand-in for your payment card details during online transactions, shielding them from potential thieves. With an independent card provider like Privacy, you get industry-grade security and control over who can charge your cards and how much. 

Secure Your Online Payments With Privacy

Privacy is a BBB-accredited virtual card provider that helps enhance the security of your online transactions. By linking your debit card or bank account with Privacy, you can generate unique virtual card numbers with CVV and expiration dates. Your Privacy Cards can be used as regular payment cards for online transactions, and if a merchant's website is compromised, your actual financial details remain safe. 

To help protect your accounts and funds, Privacy uses robust security methods such as:

• Two-factor authentication (2FA), reducing the risk of unauthorized access to your account
• Real-time notifications when your virtual cards are used, helping you spot unusual activity
• Regular audits by reputable third-party organizations, ensuring all security measures are up-to-date and meet PCI and SOC 2 standards

Privacy Card Types and Features

‍

Privacy provides three types of virtual cards:

You can pause or close your Privacy Cards, and Privacy will stop all further charges. Privacy also lets you set spending limits on each card. Any charge above the limit is declined, providing an additional safeguard against excessive charges by sneaky merchants.

Convenience Features

To make your online transactions more convenient, Privacy offers the following features:

• 1Password integration—Seamlessly manage your virtual cards and passwords from 1Password's browser extension.
• Privacy App—Use the mobile app, available on both iOS and Android platforms, to create and manage your virtual cards on the go.
• Privacy Browser Extension—Install the browser extension, available for Firefox, Chrome, Edge, Safari, and Safari for iOS, to quickly generate virtual cards while shopping online.
• Card Notes—Attach notes to your cards to help you remember when and where you'll use your Privacy Card next.
• Shared Cards—Share virtual cards with friends and family members as a gift or to manage shared expenses.

How To Join Privacy

To join Privacy and secure your online transactions, follow four steps:

1. Create an account on the Privacy website
2. Verify your identity to protect your account
3. Connect your bank account or debit card to your Privacy account
4. Request and generate your first Privacy Card
   ‍

Depending on your needs, you can choose from the four plans Privacy offers:

References

^[1] Google. https://support.google.com/accounts/answer/11350823, Sourced August 22, 2024

^[2] Google. https://support.google.com/accounts/answer/6208650, Sourced August 22, 2024

^[3] Google. https://support.google.com/accounts/answer/185839, Sourced August 22, 2024

^[4] Google. https://support.google.com/chrome/answer/95606, Sourced August 22, 2024

^[5] Google. https://support.google.com/accounts/answer/9457609, Sourced August 22, 2024

^[6] Google. https://support.google.com/chrome/answer/7570435, Sourced August 22, 2024

‍