Google Password Manager - Seriously Google?
Why does accessing passwords through chrome settings require no verification when verification is required to view passwords through passwords.google.com
Why shouldn't we use Google password?
Google may auto-convert your passwords to passkeys on Android [Update: Rolling out now] : Android
Videos
I was a Bitwarden user until last year before purchasing Google Pixel 7 Pro. I was happy when Google provided their own solution, Google Password Manager (GPM) integrated into the phone itself and i moved all my passwords from Bitwarden to GPM. Even i switched from Authy to Google authenticator to have a integrated and unified experience.
3 days ago, i felt chrome in my Pixel was bit sluggish and thought of clearing the history and cache. By default the "saved password" were checked when i clicked on clear option. Though i know the GPM passwords are accessible via chrome in other platforms and non-pixel phones, i never thought that this would delete all my passwords from the vault. Cherry on the top is the chrome didn't prompt or requested for additional authentication, like fingerprint before cleaning out the vault.
I was shocked to see an empty vauly yesterday. Google support said they cannot help retrieve the passwords and it's a gone case. Luckily i remember the master password of Both Bitwarden and Authy, and i immediately switched back to Bitwarden.
I mean who in the right mind designed a security tool this way. Clearing the vault straight from the browser without even warning the user? What is even the point of having the GPM burried inside the phone security settings when you can easily delete the passwords from a browser click? I was so disappointed because i felt GPM was Nice. Never again.
To clarify, clicking the three dots at the top right and selecting "passwords and autofill" is what I mean by accessing the chrome settings of password manager. Whereas going to the website passwords.google.com is what I refer to as the browser version of chrome's password manager.
When you're already signed in, going to the browser version will let you see which websites you have passwords saved for without verification, but attempting to see the individual passwords for each site by clicking on that website will prompt the verification step (which happens through passkey for me). This is good.
However, accessing the password manager simply through chrome settings has zero security whatsoever (if you're already signed in), and you can can just easily navigate to the website you want to see the password for, and click on the eye icon to see what the password is, with no extra verification step in between.
I don't go out with my laptop very often, it's a gaming PC so it's quite heavy and not really meant to be taken around with you to be used on the go, so I don't set a password for it so that it powers up instantly to my desktop. But if let's say I travel or move and I bring my laptop along, and I forget to set a password beforehand, I would want to be rest assured that my passwords are still safe even if the laptop gets stolen, because my chrome accounts are already signed in so requiring verification to access passwords and other sensitive details would be nice.
Does anyone know a way to do this?
Everyone here seems to use various password managers, but not the Google one, which is perfectly integrated in Google chrome and in any android apps.
I guess that's because you don't want to give all your passwords to Google, but is there something else ?