Eventually, Google and other big tech companies want to dispense with passwords entirely, but until that day comes, a Google Password Manager feature called on-device encryption might be your best bet for protecting your precious codes. Though it quietly came out earlier this spring, since you can now easily access Google Password Manager on your Android Home Screen, now’s a good time to check it out. The feature is available for Android, iOS, and Chrome, and is designed to help users keep their information safe from prying eyes—even Google’s.
In short: on-device encryption adds an extra layer of protection and privacy to Google Password Manager by giving you sole possession of the encryption key that encrypts and decrypts your passwords.
When it comes to encryption, “keys” are the tools used to lock and unlock information. Encryption hides data by scrambling normal text, or “plaintext,” into what is called “ciphertext,” which presents itself as garbled, unreadable gibberish. That gibberish can be turned back into readable plaintext, however, using a “key,” which is a randomly generated string of information that is used to decrypt it.
Google Password Manager has traditionally held onto a user’s key, storing it in the user’s Google account and using it to protect their passwords. However, with on-device encryption, the user’s key is stored on their actual device instead of in Google’s digital systems. The feature allows users to unlock their passwords using their Google password or by using an eligible screen lock feature of their choosing (PIN or a fingerprint or other biometric identifier). As Google has put it, that means that “no one besides you will be able to access your passwords.” That includes Google!
You can certainly see why this new feature has some privacy advantages, but there are also some potential downsides. For instance, if you lose or forget your Google password or other security mechanism tethered to the feature, you’re going to be in a world of hurt. Why? Because then you won’t be able to access any of your other passwords, either.
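A simplified model of the arrangement described above, as an added example that is not Google's code or design: a random vault key encrypts a password entry, and that key is itself wrapped under a key derived from the user's secret, so whoever stores the record cannot read it and a lost secret means a lost vault. The function names, record layout, and the choice of scrypt and AES-256-GCM are assumptions made for illustration.

```javascript
// Added illustration of client-side ("on-device") encryption.
// Not Google's implementation; all names and the record layout are hypothetical.
const crypto = require('crypto');

// Derive a key-encryption key (KEK) from the user's secret (password or PIN).
function deriveKek(secret, salt) {
  return crypto.scryptSync(secret, salt, 32);
}

// AES-256-GCM encrypt; output layout is iv (12) || tag (16) || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

// AES-256-GCM decrypt; throws if the key is wrong or the blob was modified.
function open(key, blob) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]);
}

// Device side: make a random vault key, wrap it under the KEK, encrypt the entry.
// The returned record is all a sync provider would hold: no plaintext, no raw key.
function createVault(secret, entry) {
  const salt = crypto.randomBytes(16);
  const vaultKey = crypto.randomBytes(32);
  return {
    salt,
    wrappedKey: seal(deriveKek(secret, salt), vaultKey),
    ciphertext: seal(vaultKey, Buffer.from(entry, 'utf8')),
  };
}

// Device side: unwrap the vault key with the secret, then decrypt the entry.
// Returns null when the secret is wrong: there is no other path to the data.
function unlockVault(secret, vault) {
  try {
    const vaultKey = open(deriveKek(secret, vault.salt), vault.wrappedKey);
    return open(vaultKey, vault.ciphertext).toString('utf8');
  } catch (err) {
    return null; // GCM authentication failed
  }
}
```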
Since there is some risk of this happening, Google highly encourages you to set up some account recovery methods before enabling on-device encryption. You can read more about these on Google’s support page. Also important to note: once on-device encryption is added, it apparently can’t be removed, so be sure you want to engage it before turning it on.
So how do you get this all set up? The process should be pretty simple. For Android, you just have to do the following:
- Open Password Manager.
- Click on Settings.
- Tap Set up on-device encryption.
That should be it. For the Chrome browser, the process is similarly simple:
- In the top right corner, go to More.
- Select Settings.
- Hit Passwords.
- Select Set up on-device encryption.
For iOS, you’ll follow a similar procedure, but starting from the Google Passwords webpage. From there, just click on settings and then “set up.” For more information on this new feature, you can check out Google’s full write-up here.
Another thing to keep in mind is that you don’t necessarily have to trust Google at all! For the truly paranoid, this might not be a bad thing to consider. You can always subscribe to another password manager like Keeper or Bitwarden and, if that doesn’t suit your needs, you can always just write your passwords down on a piece of paper. It’d be pretty hard to hack your notebook, after all.