How to save passwords in Chrome and alternatives?

One question our clients often ask is: "should I save passwords in Chrome?" For individual use, saving passwords in a browser is better than keeping them in a spreadsheet or notepad, but Chrome doesn't offer enough security to protect you against attacks.

For businesses, saving passwords in Chrome exposes many cybersecurity vulnerabilities, which we outline below.

This article will look at how to store passwords in Chrome safely and recommend a robust password management solution for businesses.

‏‏‎ ‎

Start protecting yourself today with a free trial with TeamPassword.

‏‏‎ ‎

What is a Password Manager?

A password manager lets you create and save secure passwords for logging into various apps and accounts. Most password managers, including Google Chrome, feature a secure password generator to create unique credentials for every account.

Password managers also make it possible to share credentials with other users safely—like friends or colleagues. Instead of sharing the actual password, you provide users with a login to the password manager. They then use the password manager to access accounts (almost like a key), such as social media or a productivity app.

Password managers prevent unauthorized sharing and access for companies that regularly share credentials with coworkers, outside contractors, and freelancers.

‏‏‎ ‎

Saving Passwords in Chrome: What Chrome Can and Can't do

Most modern browsers, like Google Chrome, feature a password manager for convenience.

We have so many password-protected digital assets these days. Social media accounts, streaming services, online banking, cloud storage, email, and more—and that's just personal accounts!

Most people can't remember every password, so saving passwords in Chrome is somewhat secure and convenient.

The Advantages of Saving Passwords in Chrome

  • Saving passwords in Chrome is convenient. When you need to log in to an account, Chrome's password manager is there with your credentials.
  • Chrome's password generator ensures you use secure passwords.
  • You can protect your Chrome browser with multi-factor authentication, preventing criminals from logging into your Google account, even if they steal your password.
  • Chrome has a Check Passwords feature to scan your credentials for weak passwords so you can change them.
  • Chrome has an Unknown Login feature to alert you when it suspects unauthorized access.

The Disadvantages of Saving Passwords in Chrome

  • No functionality to safely share passwords with other users—not suitable for sharing passwords with coworkers.
  • Chrome doesn't force you to use secure passwords or unique credentials for every account—cybercriminals regularly breach accounts through credential stuffing or brute force attacks.
  • Chrome lets you export all of your passwords to CSV, making it easy for hackers to steal all of your passwords at once!
  • You can view stored passwords in Chrome, which is acceptable for individual use but poses a cybersecurity risk for companies.
  • Changing your passwords in Chrome is not obvious or easy. Most users don't know how to do this or even bother trying.
  • Chrome doesn't have an activity log for logins or sharing. You also can't set up email notifications for logins to your most sensitive accounts.
  • Most Chrome passwords are 12-15 characters long with no functionality to increase the character count to create complex, more secure credentials.
  • You can only use Chrome passwords in Google's browser. To use credentials in another browser, you have to expose the password, copy/paste it into Safari or Internet Explorer. If you're working in a public space, exposing your password on the screen could pose a security risk.
  • Chrome often saves passwords with an "Unknown" username, forcing you to reset the password for future logins.

‏‏‎ ‎

How to Save Passwords in Chrome

Google makes it easy to save passwords in Chrome. There are two instances where you can save passwords:

  • Creating passwords in Chrome for a new account
  • Saving existing credentials in Chrome

Before you start, you'll need to enable Chrome to save your passwords. 

  1. Make sure you are signed in to your Chrome browser using your Google account credentials.
  2. Click the menu icon (three vertical dots) to the right of your profile pic and select Settings.
  3. Click Passwords in the menu.
  4. Make sure the toggle is on (illuminated blue) for Offer to save passwords.

Chrome will now suggest and store your passwords in the browser.

Creating Passwords in Chrome for a New Account

  1. Using Chrome, go to the website where you want to create a new account.
  2. After entering your username or email, a prompt will appear from Chrome with a secure password.
  3. To accept Chrome's password suggestion, click Save.
  4. A popup will appear to the right of your address bar, indicating that Chrome has saved your new password.

Saving Existing Credentials in Chrome

  1. Using Chrome, go to the website or app where you have an existing account.
  2. Enter your credentials and login
  3. A popup will appear to the right of your address bar, indicating that Chrome has saved your credentials

You can view any of your Chrome passwords in the settings menu:

  1. Click the menu icon (three vertical dots) to the right of your profile pic and select Settings.
  2. Click Passwords in the menu.
  3. Scroll to find the password you want or use the search feature at the top of the page.
  4. Click the Preview icon (eye) next to the password you wish to view.

‏‏‎ ‎

Why You Shouldn't Save Passwords in Chrome

Saving your passwords in Chrome poses many cybersecurity risks, especially for businesses! For one, Chrome's password manager is unencrypted, making it easy to view saved passwords in the browser's settings.

Another major vulnerability for anyone saving passwords to Chrome is the ability for someone to download all of your passwords into CSV with one click! If an employee has company passwords saved, this puts your business, coworkers, and clients at risk too!

Many team members work in coffee shops, coworking offices, and other public spaces where Google's password download feature is susceptible to attack. 

If an employee leaves their PC to go to the toilet or make coffee, anyone could insert a removable USB drive and download their Chrome passwords in less than a few seconds!

If an employee doesn't have multi-factor authentication set up, hackers could breach their Google account through a phishing attack—and again use Chrome's password download feature to steal all the browser's passwords.

Google built Chrome's password manager for convenience, not security

Individuals can save personal passwords to Chrome at their own risk, but companies should never allow team members to share exposed credentials or save passwords to a browser.

So, what is the alternative?

‏‏‎ ‎

Better Password Management with TeamPassword

Most cyberattacks happen as a result of compromised login credentials. Companies need to set up multiple layers of security to prevent criminals from stealing passwords.

Your team members are the first line of defense! So, educating employees about cybersecurity and password protection should be priority number one. 

Cybercrime is constantly evolving, so it's crucial you maintain ongoing training and even have a #cybersecurity messaging channel (Slack, Notion, etc.) for regular updates and vulnerabilities.

Protecting Passwords with a Password Manager

Combining a vigilant workforce with a password manager like TeamPassword will mitigate many cybersecurity risks.

TeamPassword is a secure password manager designed to make credential sharing safe and easy. No more password spreadsheets or sharing credentials over email or messages!

Instead of sharing exposed passwords, team members use TeamPassword's browser extensions (Chrome, Firefox, and Safari) to log into accounts. 

The browser extension! But isn't that the same as Chrome?

No, your passwords are encrypted and cannot be previewed like they can in the Chrome browser. Employees protect their TeamPassword account with two-factor authentication—so even if someone steals their TeamPassword credentials, criminals can't log in and access your company's passwords.

In the unlikely event that someone breaches your TeamPassword account, the attackers cannot view your passwords. You can also set up email notifications to stay on top of unauthorized sharing and access.

TeamPassword's best feature is the ability for managers to create groups for sharing access. Within a group, you can have multiple accounts, making it easy for employees to log in. 

For example, you might have Hootsuite, Instagram, Pinterest, Twitter, and other relevant accounts in your "TeamPassword Social Media Group." Only employees on the social media team have access to that group.

If someone no longer needs access (like an employee leaving the company or after a freelancer finishes a task), you can remove that person with one click—no need to change passwords every time someone leaves!

And, if you do need to change a password, TeamPassword's built-in secure password generator lets you create new credentials in seconds. TeamPassword updates the new credentials to your whole team without any disruptions to productivity.

How Secure is TeamPassword?

TeamPassword is an internationally accredited secure hosting provider using state-of-the-art encryption technology. 

We also follow strict security protocols when deploying code and updates and provide frequent vulnerability sweeps to scan our systems for viruses and ensure no backdoors lead to your sensitive data.

We hashed, salted, and encrypted passwords locally on your computer and then transmitted them to TeamPassword's server via an encrypted connection—not even TeamPassword can view your passwords!

Whereas anyone with access to your Google account, including select Google employees, can open and preview passwords saved in Chrome!

‏‏‎ ‎

Sign Up for a Free Trial!

Still not convinced TeamPassword is right for your business? Why not sign up for a 14-day free trial to test our secure password manager with your team.