The technology industry (Apple, Google, Microsoft) ultimately wants to get rid of passwords with passkeys. Until then, the Google Password Manager is starting to offer on-device encryption so that “only you can see your passwords.”
The encryption key, used to access your passwords, is safely stored in your Google Account. Google then uses this key to access (decrypt) your passwords.
On-device encryption makes it so that “your passwords can only be unlocked on your device using your Google password or the screen lock for an eligible device,” like fingerprint, PIN, etc. “No one besides you will be able to access your passwords” as Google no longer has the encryption key, which is now stored on your device in a secure way.
Google says that on-device encryption cannot be removed once set-up and can be enabled on multiple devices, thus doubling as a recovery option. There are instructions today for enabling on desktop web, Android, and iOS.
Meanwhile, accessing passwords on a new device just involves signing-in (with secondary authentication) to your Google Account, while Sync must be enabled in Chrome.
Google places a strong emphasis on making sure you have Account recovery options in place before using on-device encryption. User experience downsides include automatic sign-in no longer working on some services and Password Checkup requiring manual invocation.
In a support article today, Google somewhat implies that on-device encryption will be the default approach going forward:
Over time, this security measure will be set up for everyone to help protect password security.
The “Set up on-device encryption” process can be initiated from either the Chrome desktop/mobile browser or Password Manager (website or built-in Android experience). However, it’s not yet widely rolled out on the web and we’ve only encountered it in Chrome Beta (103, on Android).
- Go to passwords.google.com, or Settings app > Google > Manage your account > Security tab > Password Manager
- Click Settings
- Click Set up on-device encryption
- In your Chrome browser, at the top right, select More (three-dot overflow menu) > Settings > Passwords > Set up on-device encryption
Author: Abner Li