Don’t feel bad about using Chrome’s password manager

According to advice on the web, you should never use a browser’s password manager. Security experts particularly dunk on Chrome, the most popular browser. If they had their way, no one would touch it with a 10-foot pole.

The reasons are numerous: Google doesn’t offer zero-knowledge encryption, so your credentials are only protected from outsiders, rather than everyone but you. The password manager itself is simplistic, lacking robust defenses against unauthorized access on PC and proper secure sharing. You’re trapped within an a single ecosystem. You can’t transfer control to someone else in an emergency.

But these complaints overlook a major point (and aren’t fully true anymore, to boot)—a browser password manager is a massive improvement over weak or reused passwords. It’s an improvement on using an unsecured document to save your passwords, too. Whenever this fact is acknowledged, it’s often skipped over quickly.

So let me slow this down a moment: If you’re using Chrome (or another major browser) to manage your passwords, you’ve already leveled up your online security. That’s a good thing. Google’s been improving its password manager, especially as of late. Currently, you can limit access to your passwords with Windows Hello. Google also checks for weak, reused, or leaked passwords and alerts you. Soon you can share passwords within a Google family group. And you can export your passwords, so you can leave at any time.

That means you can easily switch to a full-service password manager when you feel ready to upgrade. You’ll simply export all your passwords to a CSV file, a standard method for transfer. (For extra safety, you can save that plaintext file in a virtual encrypted drive—unless you plan to change all your passwords after transferring services.) Then you’ll import that same document into the new password manager.

Graduating to an independent password manager is the best approach—I do agree with that piece of advice. You’re safer when your passwords are so tightly encrypted that only you know what they are. If you become incapacitated or deceased, your loved ones can more easily manage your affairs with control of your passwords. You get more sophisticated features. And you’ll have a safety net. Should anyone steal your Google account (or more likely, you accidentally lock yourself out), you won’t also lose access to other accounts because you can’t get at your passwords. Plenty of excellent services exist that provide all this and more.

But until you’re ready to make that switch, don’t sweat using strong, unique passwords within Chrome. Just be sure to secure them properly (e.g., skipping autofill and protecting them with Windows Hello)—and also lock down your Google account with a good password plus two-factor authentication, or even a passkey. If you’re going to put your eggs all in one basket, don’t let anyone else tip it over.