Integrated Password Managers – Google Smart Lock

We are advocates of using a password manager to create, manage, and securely store the dozens (or hundreds) of unique and long passwords that we need to be using these days.  For many people, password managers can seem difficult to set up and a bit of a hassle to use.  The good news its that there are two easy and built-in alternatives, Google Smart Lock and Apple iCloud Keychain.  Today we will look at Smart Lock.  On Friday we will explore Keychain.

Google Smart Lock works with Android phones, the Chrome browser and apps, and with Chromebooks.  It works by capturing your password you enter on your device, and store them in encrypted form in the cloud.  Then when you return to a website or app, Smart Lock fills in the user and password information for you.

Smart Lock does not have all the features that a full-fledged password manager will have, but it is pretty much set up for you by default.  You may be using it already without knowing it.  I took a look passwords.google.com and found out I already had a bunch I wasn’t aware of myself.  While I was there, I turned Smart Lock on.  Go and do likewise.

Previously, if you had asked me if it was safe to let a browser remember your passwords for you, I would have answered “no.”  In the specific case of Chrome, I would change that answer to a qualified “yes.”  Just remember, if your device is lost or stolen, and the finder or thief can start or open it without a password or passcode, they will be able to log in to all your saved sites, as your user name and password will autofill just as easily for the stranger as for you.  That’s why all my devices are password protected at startup.  Yours should be too.

More information:

 

0

About the Author:

Cybersecurity analyst, pen-tester, trainer, and speaker. Serving small business owners in the St Paul, Minneapolis, and western Wisconsin area since 2001. Cybersecurity and hacking have been a passion of mine since I entered the computer and networking business in 2000. I hold several cybersecurity certifications including Certified Information Systems Security Professional (CISSP), Certified Advanced Security Pratitioner (CASP), and Certified Ethical Hacker (CEH). Other computer industry certifications include A+, Network+ and Microsoft Certified System Engineer (MCSE). As Cybersecurity Analyst at The WyzCo Group, I help our clients experience high levels of security on their computers, networks, and websites. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. We also provide Cybersecurity Awareness Training for clients and their employees. I am a frequent speakers at cybersecurity conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference, the (ISC)2 World Congress, and the ISSA International Conference, and many local community organizations, Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2008.

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.