Skip to content
logo The magazine for digital lifestyle and entertainment
A brand of Bild
Chrome Google News Security All topics
From the BSI (Federal Office for Information Security)

Warning About Google’s Password Manager! Users Should Change Chrome Settings

Google's password manager is directly integrated into Chrome, which can pose a security risk for users.
Google's password manager is directly integrated into Chrome, which can pose a security risk for users. Photo: Getty Images
Share article
Adrian Mühlroth

December 16, 2025, 12:29 pm | Read time: 2 minutes

A recent investigation by the BSI reveals a serious issue: Some password managers store login data in a way that allows manufacturers to access it. One of the candidates that failed the test is the Google Password Manager. Its integration into the Chrome browser makes the tool a gateway for hackers.

BSI Warns Against Using Chrome as a Password Manager

According to the BSI report: “In 3 out of 10 of the examined products, passwords are stored in a way that manufacturers could theoretically access them.” For Chrome, this means that with synchronization enabled, Google can access data. The agency explicitly advises: “Users should set a custom passphrase in the settings when synchronizing via the Google account.”

Google itself reported back in June 2025 that defending against account takeovers is becoming increasingly difficult. Attackers are increasingly trying to steal passwords, MFA tokens, and cookies. If a Google account is taken over, the damage can be far greater than just the loss of emails—especially if Chrome Sync is active.

More on the topic

Chrome Is a Data Collection Machine

Google promotes the Chrome browser with convenient features, such as synchronizing “bookmarks, passwords, and more” across all logged-in devices. Browsing history, open tabs, payment data, address, and more are available everywhere and at any time. This data storage makes a compromised account highly attractive to attackers.

Also of interest: OpenAI Launches Browser Offensive on Chrome and Others

With new AI-powered autofill features, the amount of data continues to grow. Chrome can now pull loyalty cards, travel details, and more from Google Wallet.

What Users Should Do

The sheer amount of data Chrome collects makes the Google account a central vulnerability. Users should set passkeys for the password manager to prevent easy reading of passwords. Another method to enhance password security is using multi-factor authentication (MFA) without SMS—such as via an extra app. However, the best approach is to review and potentially limit sync settings. For those who truly want to be on the safe side, there is ultimately the option of not storing passwords in the browser and instead using external password managers.

This article is a machine translation of the original German version of TECHBOOK and has been reviewed for accuracy and quality by a native speaker. For feedback, please contact us at info@techbook.de.

You have successfully withdrawn your consent to the processing of personal data through tracking and advertising when using this website. You can now consent to data processing again or object to legitimate interests.