You probably know you should store and manage your passwords safely. However, if you’re using Google Chrome and storing your passwords in Google Password Manager, your passwords aren’t necessarily safe.
In this article we go over the threats that Google Password Manager poses and offer a secure alternative.
Is Google Password Manager safe?
Google Chrome is the world’s most popular web browser by far, with over 3 billion users. Its built-in password manager, Google Password Manager, is its default software to create and store passwords for websites and services. Although convenient for Chrome users, Google Password Manager is not the safest option for several important reasons.
We’ve identified several problems that should rule out Google’s password manager as a safe place for your login credentials.
We can’t verify Google Password Manager is secure
Google offers little transparency about how the company secures your credentials. The platform’s code is not open source, so there’s no way to verify whether your data is really secure.
Trustworthy data security companies typically inform you about how they encrypt your data and the strength of their encryption standards. But Google uses closed-source code and offers no public description of its security architecture. Google assures(new window) that only you can read the passwords you set and store with its password manager, but there is no way to verify this claim.
This kind of secrecy is always a red flag. As quantum computing and new forms of encryption threaten to change the security paradigm, Google’s “security by obscurity” approach will become even more dangerous to users. The company is not immune from security lapses, such as when it was revealed Google stored G Suite users’ passwords in plaintext(new window).
A good password manager must follow industry standards and hold up to academic scrutiny, which requires operating in the open. Independent experts can review open-source code and verify the developers’ security claims and ensure the encryption is implemented safely. Open-source password managers are always updating and improving based on public feedback.
Recent security events aren’t promising
In July 2024, an update to Google Password Manager left between 15 and 17 million users (new window)unable to access or save passwords. The event lasted nearly 18 hours and affected Chrome web browser users around the world. Google noted on its app status dashboard(new window) that the incident was caused by a “change in product behavior without proper feature guard.”
This wasn’t Google’s only incident. Again in July 2024, SafeBreach, a cybersecurity firm, discovered that attackers had been able to wirelessly add malware(new window) to their victim’s PCs using 10 bugs in Google’s Quick Share for Windows. Using this exploit, the attackers could then run code remotely on the victim’s device and potentially take it over.
Google Password Manager doesn’t offer innovative and important features
Google Password Manager is a bare-bones service. There’s no built-in two-factor authentication feature, no encrypted vault functionality, no hide-my-email aliases, no ability to share your passwords with others securely, and no standalone apps.
What’s more, Google Password Manager’s password generator only creates strings of 15 characters chosen randomly. Other password managers will let you customize the length beyond 15 and modify the mix of characters included. Some also allow you to generate a passphrase, which can be more secure than a password because it contains greater entropy.
Because of these restrictions, Google limits your ability to adjust the security of your passwords.
You could lose all your passwords
When you use a password manager, you expect to be able to access your passwords and other data forever. But with Google Password Manager, you could suddenly find yourself locked out of your own data.
Google can disable your account(new window) if the company determines you have violated its terms of service on any of its products, from YouTube(new window) to Gmail. Even if your alleged violation takes place outside of Google Password Manager or Chrome, you will still lose access to your passwords. You can appeal Google’s decision, but there are many stories(new window) of these applications leading nowhere. While this can also happen on other services, Google’s reach and impersonal customer support increase your risks.
As with all Google services, your data doesn’t really belong to you. Your identity is a product that Google rents to advertisers.
Google Password Manager locks you into the Google ecosystem
When you rely on Google Password Manager, you’re enclosed in the Google ecosystem by making sure you use only its products, thus enabling the company to get as much data as it can about your online behavior. It can in turn sell this data to providers for a tidy profit. Your passwords are only accessible in Google Chrome. By locking you into the platform, Google can see the websites you visit, search terms, and other information about you.
Much the same goes for the iCloud Keychain. Though it’s nowhere near as egregious as Google, it also serves as a way to make sure you use Apple products, without the ability to switch between different types of devices.
The only good way to solve all of these issues is to use a dedicated, standalone password manager. These offer a lot more flexibility, for example not only working as a Chrome password manager extension, but also in other browsers, on mobile, and even on desktop.
So, is Google Password Manager safe to use?
Your password manager should be transparent about how it works and primarily focused on protecting your security and privacy. These are the minimum qualifications that Google fails to offer. In 2025, when 1.4 billion records are being leaked in data breaches(new window) in a single month, this isn’t good enough.
This is why we developed Proton Pass: to make sure internet users could have a password manager that can remove them from the clutches of Big Tech, while still enjoying state-of-the-art security and privacy. Instead of relying on Google Password Manager, you can use Proton Pass as Google Chrome extension.
The biggest difference between Proton Pass and the built-in Chrome password manager is that you can use it on any platform and your passwords come with you. If you have the Chrome browser on your laptop, but have an iPhone in your pocket, you will barely notice the difference when logging into your accounts.
This isn’t the only advantage Proton Pass offers, either. It also uses end-to-end encryption. This secures all your logins, bank cards, secure notes, and important metadata from the moment they’re in your device and keeps them encrypted even on our servers; even if there were a breach — which has yet to happen — hackers will only make away with useless ciphertext.
Proton Pass is transparent about how our encryption works. Our code is open source(new window) and regularly audited by independent security professionals, meaning anyone can verify our code functions the way we claim or read an expert’s assessment of it.
Proton Pass offers more than password management
Proton Pass also goes the extra mile in other ways. For example, you can store a lot more than just passwords and other login information. You can also add credit card details and secure notes whenever you need to keep something like a PIN or security code safe. We also let you use passkeys on all your devices, unlocking this powerful new tech for everybody.
Finally, we also allow you to add an extra layer of privacy while creating accounts thanks to hide-my-email aliases. These hide your real email address while allowing you to receive emails in your personal inbox. If you start to receive spam or the alias is revealed in a data breach, you can simply delete it and create another.
Unlike Google or Apple, we don’t receive our funding from venture capitalists or advertisers. All our funding comes from our community’s subscriptions to premium plans, meaning we can, and always will, put your needs first.
If that sounds like something you want to be a part of, download Proton Pass for Chrome and see what it’s like to use products built with users first in mind.
