Why is Google advertising saved passwords on Chrome?

Rod · May 29, 2023

Maybe it's just us and we don't watch a lot of free to air commercial TV channels but just lately when we have, we have been barraged by ads for Google Chrome's Remember Password feature.
The ad goes something like this,
"You have 256 unique passwords that no one could guess...not even you." It depicts people repeatedly entering the wrong password.
This is not new nor unique in any way, browsers have been offering to save site passwords for ever. It's also odd timing because Passkeys (touted to be the end of passwords) are now being rolled out and a number of large sites such as PayPal, Amazon, Adobe, eBay and Google are already offering Passkey support, see: Passkeys.directory
In fact I had just set up a Passkey for Google services about one week before I started seeing these ads.

pm-r · May 29, 2023

Rod said:
but just lately when we have, we have been barraged by ads for Google Chrome's Remember Password feature.

Like many other commodities I guess they want you to use theirs and they're sending you the ads as a reminder for the latest and greatest password in security.

What is a passkey?

A passkey is a method of user authentication that eliminates the need for usernames and passwords. It also helps prevent security lapses and attacks.

www.techtarget.com

- Patrick
=======

newbutter · May 30, 2023

I think they are just promoting their existing security features like password saving because why not. Passkeys are not that widely used yet and maybe somebody doesn't know they can save their passwords in their browser

pm-r · May 30, 2023

Rod said:
In fact I had just set up a Passkey for Google services about one week before I started seeing these ads.

It seems that Google has just recently started a fairly new blitz on Passkeys:

Google just made a huge move towards a passwordless future

Google just made a huge move towards a passwordless future

Passwords out, passkeys in.

mashable.com

- Patrick
=======

Rod · May 30, 2023

Agreed, so why a sudden advertising campaign to encourage users to save their personally created passwords in the Chrome browser? This is something we usually discourage anyway and it seems at odds with the passkey trend.

newbutter · May 31, 2023

I've found this article which seems to be talking about the issue. Looks like they've made a built-in password manager, which is somehow different from the standard autofill function

Jimmysb · May 31, 2023

Rod said:
Agreed, so why a sudden advertising campaign to encourage users to save their personally created passwords in the Chrome browser? This is something we usually discourage anyway and it seems at odds with the passkey trend.

So why is it discouraged to save passwords to Chrome, or browsers in general.

Rod · May 31, 2023

Jimmysb, because web browsers are so vulnerable to corruption. The easiest way to fix a corrupted web browser is to trash it and reinstall it. Web browsers are also fairly easy to break into, and lots of malware, browser extensions and even honest software can extract sensitive information from them. I certainly wouldn't trust credit card numbers or bank details to one and it just follows that if I want to use a Password manager for them, I might as well use it for all my passwords.

IWT · May 31, 2023

+1 on that!

Ian

Jimmysb · May 31, 2023

Rod said:
Jimmysb, because web browsers are so vulnerable to corruption. The easiest way to fix a corrupted web browser is to trash it and reinstall it. Web browsers are also fairly easy to break into, and lots of malware, browser extensions and even honest software can extract sensitive information from them. I certainly wouldn't trust credit card numbers or bank details to one and it just follows that if I want to use a Password manager for them, I might as well use it for all my passwords.

Okay, so how do I have all my passwords in Key-chain (I assume that is the correct place) and how do I know what is already there.

pm-r · May 31, 2023

Jimmysb said:
Okay, so how do I have all my passwords in Key-chain (I assume that is the correct place) and how do I know what is already there.

Just open your Keychain Access.app (utilities folder) and have a look under the various categories that include a Passwords listing.

- Patrick
=======

pm-r · May 31, 2023

Rod said:
I certainly wouldn't trust credit card numbers or bank details to one and it just follows that if I want to use a Password manager for them, I might as well use it for all my passwords.

You mean like some of the recent password managers that got hacked not that long ago and got access to thousands of user's data??? Hmmm...???

- Patrick
=======

Rod · May 31, 2023

Valid point Patrick, I did quite a bit of shopping around some 6 years ago trying Dashlane, OnePass, 1Password ect. but eventually settled on Enpass. Why? Because at that time it was the only Password Manager (PM) that did not store my passwords on their data base. Everything I store is kept locally on my device. At first I had just the macOS version, later I added the iOS version. They are synced via an encrypted file saved in iCloud. The other big factor is the macOS version was a one off purchase, no subscription fees and the iOS versions were free.
BUT, having given Enpass a bit of a wrap I have to add that Apple's Keychain has come a long way since then. Originally a bit confronting and complex Apple have now added a utility to Settings simply called Passwords which makes it laughably easy to access all of your Apple passwords. So when you go to, eg. a new web site and Apple offers to create a "Secure Password" for autofill in the future you can confidently say "yes" because if you ever need to find it it will be in the Password Utility.
In iOS Passwords is on the first page of Settings and requires your biometric input to access it. You can even use Shortcuts to put it on your homepage as an icon, just like an App, for easy access. See lower left corner of my screenshot below.

Conveniently in macOS 13.4 it can be found in exactly the same place; in the sidebar of System Settings.
For my purposes it still lacks a few options/features that I like about Enpass, like categories, but it's a pretty close race and if I were starting out today I would definitely try it exclusively, sadly it is unable to import all my Enpass data complete with notes as a .csv file so I'm using a mixture of both for now. You can add notes in Passwords and it performs a security check of your existing passwords giving you both the option to create a "Secure" password for existing entries and easy access to change your password on the corresponding website.

IWT · Jun 1, 2023

On the question of Keychain, I have mixed feelings.

As Rod said, it's easy to use, offers strong PWs, makes sure that no PW is repeated and syncs across Apple Devices such as iPhone & iPad. Wonderful.

The "difficulties" I see are that anyone who gains access to your Mac can open Keychain and see the PWs as all it takes is a knowledge of your Admin PW.

But more concerning on a "practical basis", is that if you ever need to reset your Admin PW, then the original Keychain is locked and a new one generated. Ditto if Keychain ever becomes corrupted.

No one can possibly remember or even guess the PWs generated by Keychain.

I concede that these situations are relatively rare, but one should be aware of them, I think.

Ian

Rod · Jun 1, 2023

I did wonder about the loss of Keychain after a admin password reset where the original password was forgotten. This is almost worth a new post of it's own.

This is Apple's advice on the topic If you need to update your keychain password on Mac which essentially says, "If your user password was reset because you forgot your password and you can’t provide the old password for the keychain, you won’t be able to access the information in the old keychain, and a new blank keychain is created."

Really, if you forget your computer Login Password (admin password) for your Mac and you don't have it stored somewhere safe then it's not unlike forgetting the user password for a Password Manager, same problem. There are some passwords that are just too important to risk forgetting and if you don't take steps to record them elsewhere then woe is you.

Having said that, if I for some reason, like trauma, stroke or memory loss for some other reason were to forget my MBP admin password then I would be able to find it on any of my other trusted devices in my Password Manager

Of course that also applies to passwords stored in Apple Passwords utility, they would still be available on any other trusted device but you wont find your Mac's admin password there. Of course you could always record it in Notes or Files ect.

ferrarr · Jun 2, 2023

Rod said:
I did wonder about the loss of Keychain after a admin password reset where the original password was forgotten.

This has happened to me on multiple occasions. I have 2 Apple/iCloud ID's and one of them I don't use often enough. But since I "share" most information and data between both accounts, I have most passwords saved in each Keychain. So they are easy for me to recover.

Rod · Jun 6, 2023

I suppose it all goes back to the old adage about not "putting all your eggs in one basket" just like backups, trusting one system, provider or device is risky. While Apple's service is good having an independent backup of essential data is a good idea.