Google’s password manager in the Chrome web browser can now store passwords in locally encrypted form. This also protects them from access by Google in the cloud.
Google now provides a function that has been requested for a long time: local encryption of stored passwords. When transmitted to Google’s cloud and from there back to the user’s other devices, the data remains end-to-end encrypted. Google can no longer access them.
What sounds so mundane has a serious background: Google used to encrypt passwords during transmission, but stored the key used for this on its own servers, the company explains in a help article. This gives the company and, for example, US law enforcement officers or curious intelligence services access to it.
Control over the passwords
With the function called on-device encryption, users take control of this key themselves. Google emphasizes some disadvantages that this has: If the key is lost, users also lose access to the saved passwords. It is therefore important to keep the recovery options for the credentials up to date.
Other useful Google features, such as checking whether saved passwords have been hacked, only work to a limited extent. This check must now be triggered manually in the browser. Automatic filling of some logins also no longer works in every case with the function activated.
On-device encryption as the default setting in the future
The function is currently being rolled out and can be activated in the browser settings (on the desktop: click the three-dot icon at the top right next to the address bar, then the sub-item “Settings”) under “Autofill” – “Passwords”.
The item “Encryption on device” leads to the external URL passwords.google.com. The on-device encryption can be activated there.
After activation, the password settings also indicate that the check for security problems can only be triggered locally.
Further options may be offered on other devices after activation. For example, on a tablet, the message “On-device encryption: You can use the screen lock as another way to unlock your passwords” appeared. Instead of entering the Google password, unlocking can then be done biometrically.
Unlike Google’s optional passphrase for synchronization, on-device encryption is designed as standard protection. It automatically applies to all devices and cannot be switched off again. After the changeover, the notification that “Encryption on the device” is active also appears in the settings on smartphones.
How it works
So far, Google hasn’t revealed how it works behind the scenes. In any case, we didn’t find any description of it, and the company didn’t provide any technical background information in response to our inquiries either. It would be interesting to find out how an on-device encrypted password migrates from the PC to the smartphone in such a way that the smartphone can read it, but not Google. Google would also do well to clarify what the statement that you can recover your passwords with the Google password actually means.
Ultimately, the whole thing should work in a similar way to Apple’s “end-to-end encrypted” data stored in iCloud. Apple has long been backing up data that is particularly worthy of protection, such as passwords, in iCloud in such a way that a key is always used that is exclusively owned by the user. However, Google conspicuously avoids the term end-to-end encryption.
Just an apparent trifle
If it actually works as promised, Google will give users back control of their passwords with on-device encryption. This is a big step towards more privacy and sovereignty for users. The only ones for whom this is bad news are the makers of password managers, because for some users this should make an additional, external password manager superfluous. However, they continue to score points due to their independence from a specific platform or sharing options for teams that need to use an account together.