Amidst all the big Google I/O news, the company quietly made a major overhaul to Chrome's password manager — it's now a part of the revamped Smart Lock service. If you still haven't started using a secure app to store your passwords, this one's for you.
What's Actually New?
Google — or, more specifically, Chrome — has had a makeshift password manager for a while now. You've probably seen it before: any time you enter a password into a site, Chrome will ask if you want to save that password for later. It also used to be a pretty terrible way of storing passwords, until Google fixed that about a year ago. Nevertheless, this feature was little more than a slightly fancier version of saying "Keep me logged in" on websites.
Now, the whole system has been upgraded and rolled into Google's Smart Lock feature. If that name sounds familiar, it's probably because you've used it on your Android phone. Smart Lock originally allowed you to unlock your Android phone if you had it paired with a trusted Bluetooth device (like a smartwatch) or were in a trusted location (like your home).
In addition to rolling Chrome's password manager into Smart Lock, the whole platform comes with a few new features:
- You can manage your passwords from the web: If you visit passwords.google.com, you can see a list of all the passwords you've saved with Chrome. This is protected by Google's standard two-factor authentication (which you should be using). Even on computers you're signed in on, you'll have to re-enter your account password to access the list.
- You can now save (some) app passwords: Previously, you could only save passwords for websites, but now Smart Lock can save your passwords in some apps as well. There are already a few apps that support this feature including LinkedIn, the New York Times and Netflix. Hopefully, more will support Smart Lock soon.
- Auto Sign-In bypasses app sign-in entirely: For supported apps, Smart Lock doesn't just save your passwords, it can (optionally) skip the login screen entirely. The first time you log in to an app on a new device, you'll see a blue bar at the bottom with your Google account on it, but you'll immediately be redirected to the main screen of the app. The process is completely invisible. If you're not comfortable with this, you can turn Auto Sign-In off in your Google Settings.
Now, if you're an avid user of LastPass, you're probably not overwhelmingly impressed. Smart Lock is a solid effort — and it's much better than not using a password manager at all — but it's also playing catch up.
Where Smart Lock Is Awesome
To call Smart Lock a "password manager" would be misleading. What Google's trying to build is an entire identity solution. Your Bluetooth device unlocks your phone. Your phone unlocks your Google account with two-factor authentication. Your Google account unlocks all your other logins. It's designed to be an army of cross-referencing checkpoints that make sure you're the one who has access to your account and no one else. As such, Smart Lock has a few advantages:
- It's completely free: LastPass is free on your desktop browser, but costs money to use on your smartphone. 1Password is a paid app on every platform. While most password managers are worth the money, not everyone's going to pay for it. If you still haven't shelled out the cash for a more robust password management service, Google's system is at least worth checking out. It's also probably worth recommending to your friends and family who would never pay for a password manager in the first place.
- Your Google account is your master key: For some this might be a downside, but if you're a regular Google user, being logged into your account counts as authenticating. Not only can this be very convenient, but it also means that the primary way to access your passwords is fairly strongly protected.
- Smart Lock protects more than just your passwords: Syncing your passwords to your phone can be a security risk if you don't use a PIN or password lock. Smart Lock as a platform, however, encourages you to keep your phone secure too, by taking away the inconvenience of unlocking your device at home or in other trusted conditions.
Smart Lock's ultimate selling point is convenience. If you're the type who frequently imagines a scenario where a masked robber steals your phone and uses it to break into your online dating profile and uses it to send threatening messages to the Pentagon, Smart Lock isn't for you. If you're the type of person who hates reading articles about password managers because the phrase "password manager" puts you to sleep, Smart Lock is probably for you. It's way better than doing nothing, and every feature is designed to keep you as safe as possible while staying out of your way.
Where Smart Lock Falls Short
If you're an avid LastPass user (like my boss), don't get too excited. The password manager part of Smart Lock still isn't as good as other solutions. Part of the reason that these services are worth paying for is that they're not just designed to be a list of passwords. They're supposed to protect your data. As such, there are a few things Smart Lock is missing:
- Smart Lock has no password generator: This is a pretty huge oversight, and hopefully one Google will address. Securing your passwords doesn't matter much if you use the same passwords for everything. Services like LastPass can generate long, complex passwords you'd never remember and then remember them for you. That's the point. Unfortunately, Smart Lock still relies on you to generate your own secure passwords.
- It only works on Chrome and Android: If you use any browser besides Chrome, an iPhone, or even non-Chrome Windows applications, you're out of luck. Technically, Smart Lock can remember your passwords, but you'll be looking them up manually on the web, which you really shouldn't do. In fact, there's not even an Android app, so the only way to access your passwords on mobile at all (outside the supported Android apps) is by opening passwords.google.com on your phone.
- It can't store any other information like credit cards or secure notes: We talk about LastPass as a password manager a lot, but you can also use it to safely store other sensitive information too. You can write down your credit card numbers, insurance information or anything else you need to keep safe. Smart Lock can't do any of this.
As of right now, most paid password managers have a pretty big head start on Google. They have more advanced features, they're on more platforms, and they have been around longer. Plus, if you've read this far, at least one of them probably already has your money (and your data). If you're happy with it, there's not much in the way of a reason to switch.
Who Smart Lock is For
So far, Google doesn't seem to be aiming to unseat existing password managers. It's not even really building a password manager at all. Smart Lock is designed for one simple purpose: getting over your laziness. Despite the seemingly endless flood of companies getting hacked, it's still a chore to convince most people to take even basic measures to protect their security.
The problem isn't that security solutions don't exist. It's that many people just won't use them. Smart Lock is designed to work with the apps you're already using (provided you're using Google services, naturally) to take care of the problems that you don't want to take care of yourself. It's for your aunt, your coworker or your frugal friend who doesn't want to pay for a subscription to use an app on mobile.
The upside is, it doesn't suck anymore. While there are some more fully featured options available, Smart Lock isn't blatantly insecure anymore. At the very least, it's not any more insecure than your Google account. The very obvious problems that Chrome's password manager had in the past are gone and there are some useful new features. That's better than nothing.