Google Chrome will now generate unique passwords for you
The ever-popular browser Google Chrome turned 10 years old this month, and with that anniversary the Google team announced a bevy of new changes in the latest release – from a new look to behind-the-scenes functionality tweaks.
We’re most interested in the security-related update that the new version of Chrome now offers: an in-browser Chrome-native password generator and manager.
Yes, Google products have been offering to store passwords for their users for some time now via Google Password Vault – and for that matter, most browsers have been offering their own native password manager features too (in addition to the many third-party password managers that integrate into the browser of your choice).
Combined password manager and generator
The new wrinkle here is that Chrome will now generate a unique password for the user as a part of the everyday credential creation process.
That generated password will be stored in the cloud-based Google Password Vault, meaning it will be available to that same logged-in Chrome user across their devices.
Chrome is by no means the only browser with this capability. We’ve previously covered how Apple’s Safari browser will be offering similar functionality in the upcoming iOS 12 release, which should be out this month.
So it seems like in-browser password management and generation are well on their way, if not already here. Hooray, right?
Generally speaking, the fewer barriers between users and the creation of more secure, unique passwords, the better. However, depending on your point of view, there may be caveats.
For those who already have the desire and ability to use a password manager the fundamental question is whether or not they will prefer to entrust their passwords to a massive company like Google or Apple, a third-party password manager like 1Password or LastPass, or use a homegrown solution, like a personal algorithm.
There’s certainly an argument for keeping passwords out of the cloud, a browser, or a big company that already knows a ton about you, like Google or Apple. Putting all your browsing and password information in one place may be a risk that not everyone wants to take – not everyone wants all their eggs in Google’s basket, so to speak.
And certainly, there are many people that never want their password vault stored on the internet, regardless if it’s via a browser password manager or a cloud app. For those folks, an in-browser password generator and manager understandably holds little appeal.
A convenient tool?
On the other hand, though many of us know what good password hygiene is, why it matters, and how to use a password manager, there are just as many – if not more – who don’t.
Then there are those who know it is important, but still don’t bother with it – a refrain we often hear is that people know strong, unique passwords matter, but it’s such a pain to find yet another piece of tech to help with this (let alone set it up and learn to use it).
In this case, a built-in password generator and manager within the browser offers a distinct advantage: Most people are very comfortable with how their browser works, and if the browser offers oh-so-helpfully to take care of yet another internet annoyance (making and remembering all those pesky passwords), it’s one less thing to worry about.
What do you think? Does an in-browser password generator and browser appeal to you? If you’re a Chrome user, will you be using Google’s password vault or are you sticking to a different option?
- SOC Manager. SC Clearance. Immediate opportunity.
Permanent SOC Manager. SC cleared / clearable, London / Birmingham. SOC Manager needed to replace a SOC contractor I placed into a client who is due to complete their assignment at the end of March. The ability to achieve SC clearance is essential. Looking for someone that is a blend of strategic stakeholder engagement with strong technical skills. The role will sit in a relatively new SOC environment. The position is to setup, implementation and management of resources to help with the initial and on-going stages of a new SOC. Experience engaging with and managing client stakeholder relationships as well as 3rd party relationships is critical. The role will involve; setting up, implementing and fine tuning the various initial stages of a SOC environment. Experience establishing and building out technical process / operational capability, managing of technical teams (analysts, engineers and architects, creation of policy / playbooks, fine turning is key. SPLUNK is the tooling of choice… Interviewing immediately. Set up a call with me today on https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-manager-role Direct contact details Chris.Holt@dclsearch.com or 07884666351
- Security engineer. Financial Services. UK. Permanent
CH7863 Security engineer. End User . Financial Services Security Engineer needed to monitor and manage a security suite of tools within an End User environment. The Security Engiener will be responsible monitoring, configuring, fine tuning, incident management and generally improving the security tool capability. Specific experience with CyberArk, Tripwire Log Center and Tripwire Enterprise is highly desirable). Current experience with Vulnerability management and penetration testing is highly desirable. Specifically the ability to effectively manage 3rd party pen tests. You will be working within a specialist security team reporting to the CISO. Experience working within an end user environment within financial services is highly desirable. Flexible location. This is an exclusive role to DCL Search & Selection. To book a call please use my Calendy link https://calendly.com/chris-holt/arranged-call-with-chris-holt-soc-role-
- DevSecOps - Security design / review consultant. SC Clearance. London
CH7858 London £70,000 DevSecOps - Security design / review consultant. DevSecOps - Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
- CONTRACTOR Cyber Vulnerability Analyst, NESSUS, Rapid 7, SC clearance required.
Cyber Vulnerability analyst NESSUS, Rapid 7, needed for IMMEDIATE 3 month contract MUST have / be able to achieve UK SC clearance role to work within a live environment within a public sector department. The individual must have experience in using various security methods and tools such as Rapid7 and NESSUS scan for / identify vulnerabilities, prioritise them according to risk and raise appropriate tickets for remediation / follow up. In depth experience utilising Nessus highly beneficial. Current cyber public sector experience highly desirable.