On Twitter the other day, I saw the status “WTF? #Chrome now *by default* sends all of your passwords to #Google so now I have to change all my pwds. FFS Google”. Being a Chrome user who is concerned about privacy, I checked it out: the complaint was that Chrome shares passwords with Google by default. I thought it would be worthwhile discussing this and how others may avoid the issue.
Yes, Chrome most certainly will sync passwords (if you allow it to)… so you can sync your Chrome account across multiple devices. The poster's issue was that this is a breach of their security and they now have to change their passwords. Yes, they should change their passwords and they should change the sync settings. Better yet, I would recommend they do not use their browser to save their passwords.
However, let’s go back to how this could have been avoided. Sure, the default setting for Chrome Sync is to send everything, and that includes passwords, but it is really up to us to check what we are setting up. To be able to set Sync up, you must sign in to your Google Account and then choose the sync settings. It doesn’t just happen… When you do select your sync settings, you are given this screen:
This is an image from my own #Chrome installation. The default setting for Chrome is “Everything”, which includes Passwords, and there is a “Use default settings” link that leads to a heap of information about what you are about to do….
The fact that the passwords option is checked should be ringing alarm bells.
It is our responsibility to understand exactly what we are setting our online systems up to do – what data is being shared, what access and rights we are giving providers to our data and what it really means. Just don’t blindly go accepting the settings they provide – do your research and make sure you are informed.
Whilst we’re on the topic, I really don’t think you should be using the browser to save your passwords. There are better options for password storage and syncing including RoboForm, KeePass and LastPass.