I’ve relied on Google Password Manager for years to keep my digital life in order, but convenience can sometimes come at the expense of security. So, if you’re using Google Password Manager, copy my tips to ensure your passwords stay secure and out of the wrong hands.

7. Use a Strong Google Account Password

If you sync Google Password Manager (GPM) with your Google account, the password for your account serves as the key to accessing your stored passwords. As such, your GPM is only as secure as the password that protects your Google account. Because of this, it’s important to use a strong and unique password.

Strong means the password is at least 12 characters long and includes a mixture of uppercase and lowercase letters, numbers, and special characters. Equally important is never reusing this password for any other account. Password reuse is a major vulnerability—if one site is compromised, all other accounts using the same password become easy targets.

There are numerous ways to make your passwords more secure, but you can use a passphrase if you want something easier to remember.

6. Enable Two-Factor Authentication (2FA) for My Google Account

It’s no secret that even the strongest passwords can be compromised. That’s why enabling two-factor authentication (2FA) is a must for any online account, not just your Google Account. 2FA adds an extra layer of protection, requiring you to both provide your password and complete a second verification step. The second verification step can be a code sent to your phone via SMS or generated by an authenticator app.

This extra layer ensures that even if your password falls into the wrong hands, your account won’t be compromised without the second factor. Google offers three 2FA options, including text messages, authenticator apps, and even physical security keys. You can use any of the three, but for optimal security, we recommend avoiding SMS verification, as it’s vulnerable to SIM swapping and other attacks.

You should instead use authenticator apps like Authy and Google Authenticator or physical keys like Yubico’s YubiKey 5C, as they offer stronger protection. I use Authy for 2FA because it’s free and easy to set up. You can set up 2FA on your Google Account by navigating to Settings > Security > 2-Step Verification.

5. Enable On-Device Encryption in Google Password Manager

Another lesser-known way to strengthen the security of your saved credentials is on-device encryption. With on-device encryption enabled, your credentials are encrypted and decrypted only on your device. It adds an extra layer of protection to your saved passwords, ensuring that no one, including Google itself, can access them.

The downside is that, since you hold the key to decrypting your passwords, you can’t recover them unless you have access to your device or have set up recovery options. But that’s the whole point. If you’re serious about the security of your passwords, enabling Google Password Manager’s on-device encryption is the logical next step.

Google Account

Go to passwords.google.com, select Settings, and click Set up under On-Device Encryption.

Chrome for Desktop

Click the three-dot menu in the top right and navigate to Settings > Autofill and passwords > Google Password Manager > Settings > on-device encryption.

Chrome for iOS

Tap the three-dot menu, then select Google Password Manager > Settings, and finally, tap Set up under on-device encryption.

Chrome for Android

Tap the three-dot menu and go to Settings > Google Password Manager > Settings > Set up on-device encryption.

4. Secure My Devices With Biometrics, PIN, or Password

Even with a secure Google Account, your device must also be protected, as everything falls apart if someone can easily unlock it. When using Google Password Manager, it’s essential to secure your device with a strong PIN, password, or biometric authentication (such as fingerprint or facial recognition), as it acts as a gateway to your passwords.

For optimal security, avoid leaving your device unprotected or using a weak screen lock mechanism that can be easily bypassed. I use facial recognition for its convenience, but I have a PIN as a backup method. You can also use biometric authentication and have a PIN as a backup in case the former fails due to damage or any other reason.

Another important consideration is to ensure that you have an automatic screen lock timer, so your device locks when it’s inactive for a certain duration, such as 30 seconds or a minute. For this, choose smaller durations to ensure your device isn’t left unsecured for an extended period.

3. Only Sign In on Trusted Devices

Since my Google account gives access to all the saved credentials, I only sign in on trusted devices. It’s necessary to log in to your account only on your devices, not shared, public, or borrowed devices, as any other person who uses them can access your saved credentials.

However, if you must use someone else’s device, use Chrome’s Incognito or Guest Mode, and always sign out when you’re done. That way, you’re sure that the device owner can’t access your saved passwords and any other personal data in your Google account once you’re done.

2. Monitor My Google Account Activity

It’s also essential to monitor your account activity to detect any suspicious activity early, for instance, if someone else has access to your password. Thankfully, Google allows you to do so directly in your account’s management section. However, the best option is to enable notifications so you can receive these security alerts in real time on your device, which is what I do.

Additionally, you can check for the same information in your Google account by selecting your account profile icon and navigating to Manage your account > Security > Recent security activity.

If no suspicious activity appears, your account is likely secure. If there are one or more security incidents, select Review security activity and select any given option. If you spot unauthorized logins from unfamiliar devices or locations, change your password immediately.

I also regularly check signed-in devices under Your Devices in the Security section to see which devices are currently signed in to my account and revoke access to old, lost, or suspicious devices.

1. Regularly Update My Devices

Software updates play an important role in keeping your device secure. Even if you follow all the steps recommended above, security vulnerabilities in the operating system or apps can make your saved credentials vulnerable. Regular updates patch these flaws before hackers can exploit them.

That’s why I install updates as soon as they become available. I also update my apps and, most importantly, Chrome browser since GPM integrates directly with it.

Google Password Manager is a secure and convenient way to manage your credentials, provided you take the necessary precautions. By following the tips above, you can rest assured that your saved credentials are stored securely.