Google developing Chrome strong password generator

It's the conundrum that all web browser users have to deal with; creating passwords for certain web sites they visit and then remembering them all. Some choose to use just one password for all of their sites but that, of course, can be a big security risk. Others use simple passwords but that, too, poses its own problems.

Now Google is working on a way for users of its Chrome web browser to have their web password cake and eat it, too. In a post on its Chromium web site, Google describes how it would randomly generate a strong password when it comes into contact with a web sign up page.

The proposal is to offer Chrome users a prompt when they reach a sign up page, asking them if Chrome can create a password and store it in the password manager. It adds:

If they accept the prompt then we pop up a small box which is prepopulated with what we think is an acceptable random password. The reason we don't just choose a password for them is that many sites have requirements (e.g. must have one digit, must be alphanumeric, must be between 6 and 20 characters) some of which may be contradictory between sites. So we will choose a default generator that will work on most sites, but users may need to change our password if it doesn't work.

While there are a lot of advantages to this approach, there are also dangers. For example, someone who manages to break into a user's Chrome account could be able to see all of the stored passwords. If that happens, Google claims it might be possible "to automatically change all of a user's passwords when we realize that their account is hijacked."

There's no word on when this new password generator will be added to Chrome.

Image via Google

Report a problem with article
Previous Story

Microsoft CFO: Windows 8 key to cross-platform plans

Next Story

Apple kills 'software update' in Mountain Lion, fights inconsistency

26 Comments

Commenting is disabled on this article.

When are you people going to realize that Chrome only exists to gather as much info about you as possible. Now they are going after your passwords? Wake up people.

streetw0lf said,
When are you people going to realize that Chrome only exists to gather as much info about you as possible. Now they are going after your passwords? Wake up people.

Kind of funny considering Google is one of the main ones who opposed SOPA and PIPA and are who brought the website online that made it easy to get in contact with senators in your area to convince them not to vote for the bill.

You people need to wake up. Every company out there stores your data encrypted and collects data for their services. And I'm sure Google is going to sit around decrypting millions of peoples personal info so they can do something with it. Maybe they'll decrypt my social security number, name, date of birth, address, telephone number and credit card numbers and turn me in to the credit bureaus so they can reduce my score from 72 to 17! Furthermore, maybe they will turn me in to collection agencies so they can harass me about the thousands upon thousands of dollars in debt I have right now!

If you're that concerned about your privacy, then you shouldn't even be on the internet. Plan. And. Simple.

GollyJeeWizz said,

Kind of funny considering Google is one of the main ones who opposed SOPA and PIPA and are who brought the website online that made it easy to get in contact with senators in your area to convince them not to vote for the bill.

Because they were one of the smart companies that knew the backlash that would occur if they supported SOPA.

Arthax said,
I'll "stick" to my HP fingerprint reader.

I would recommend relying on finger print readers for convenience only. For instance, use the finger print reader to simplify the input of your master password into roboform or last pass. This way in case your finger print reader takes a **** you aren't totally out of luck.

Ummmmmm what if you uninstall chrome or want to use other browsers and dont say there stored on a google account 1: This is a company that reminds its self not to be evil... 2: Secondly not everyone has a google account or wants google storing there passwords.

Yes I know you dont have to use it but im sure its going to cause a alot of pain to less informed users. Add to this the problems of not accually knowing your own passwords.

No thanks.

It's a good idea to have this built in instead of in an add-on. That said, I find that good passwords like these that use special characters don't work in the places that need them the most. These "secure password" things that Visa and MasterCard make you use don't let you have long passwords with special characters. It's mad!

Lastpass or KeePass both work VERY well, and you can have huge passwords yet only need to remember ONE (that opens the password vault for you). Amazing people still using '12345' and such as their password.

Frankenchrist said,
Lastpass or KeePass both work VERY well, and you can have huge passwords yet only need to remember ONE (that opens the password vault for you). Amazing people still using '12345' and such as their password.

Agreed. i prefer 'Password Safe v3.27' (download here... http://goo.gl/2kFsI ) or get it from the site... pwsafe.org (which just takes you to that link anyways)

MattWeihl said,

Yep. The reason I love Lastpass is because it's cross-platform.

Yep, combine it with Android/Google authenticator and it's hard to beat. A stock plugin of sorts for the stock Android 4.0 browser would be the icing on top of the cake but hopefully they'll support Chrome at least once it hits a stable version.

There are many options available that already do this, but with Google getting in the loop, I wouldn't trust it.

This is a good start to encourage average users to use more secure passwords. I know many people who still use their birth date, name, etc. as their one and only password.

As for myself, I'll stick to LastPass Premium.

POOR. As has been discussed countless times, random passwords aren't the way to go. Long pass phrases are your key to security. This just further reinforces bad habits.

AJerman said,
POOR. As has been discussed countless times, random passwords aren't the way to go. Long pass phrases are your key to security. This just further reinforces bad habits.

Agreed about the long passwords being the way to go comment.

It annoys me so much when websites force me to use a password between 8 and 12 characters long.. I tend to use 16 characters or more most of the time.

Hardcore Til I Die said,

Agreed about the long passwords being the way to go comment.

It annoys me so much when websites force me to use a password between 8 and 12 characters long.. I tend to use 16 characters or more most of the time.


Not as bad as my bank which allows only numbers and letters and requires the password to be exactly eight characters long. Highly secure indeed.

Stephen said,
http://xkcd.com/936/

just incase anyone wants more information on this


I was thinking of that, too!

I think many password rules are ridiculous, like a low maximum of characters.
I mean... it's not a lot of HDD capacity that will be used LOL and it's cheap added security if a member indeed decides to go with a long passphrase.

Jesus Christ... some rules are so ridiculous it HURTS.

GS:mac

AJerman said,
POOR. As has been discussed countless times, random passwords aren't the way to go. Long pass phrases are your key to security. This just further reinforces bad habits.

As long as there is a safe place to store the passwords, it is a great way to go. Google is banking on the the inability of the average peoples to create good passwords and on the laziness of the peoples to remember randomly generated passwords, which in turn will lead the peoples to give up their passwords to Google for storage.

Jebadiah said,

As long as there is a safe place to store the passwords, it is a great way to go. Google is banking on the the inability of the average peoples to create good passwords and on the laziness of the peoples to remember randomly generated passwords, which in turn will lead the peoples to give up their passwords to Google for storage.


And hence decrease motivation to jump ship to another browser should they ever feel the urge...

Hey, let's copy and paste those 100 passwords to the new browser...
all one by one... by hand... upon VISITING the sites and now creating a simple database like that... YAY!!!

Glassed Silver:mac

Jebadiah said,

As long as there is a safe place to store the passwords, it is a great way to go. Google is banking on the the inability of the average peoples to create good passwords and on the laziness of the peoples to remember randomly generated passwords, which in turn will lead the peoples to give up their passwords to Google for storage.

I agree, but I think the password database itself should be password protected.. so you can only automatically login to websites if you enter Chrome's master-password.

This may already be possible, I don't know... I only use Chrome as a basic browser and haven't really explored its' potential.