Why did I have to learn about Google’s password collection by surprise?
Last year, I found out about Google’s tracking of our purchase history. Yesterday, after reinstalling my email client, my Gmail account was blocked because it was considered an ‘unsafe’ app. * In turn I had to dive deeply into the issue, and found out that Google now has a password manager.
Yes, we take passwords for granted, but should we trust Google with them?
A password may be deemed as a type personally identifiable information, so moving my password from my devices without prior consent feels like highjacking. Google is not a disinterested 3rd Party; by holding on to your passwords, it gives theme more power to create a walled garden between your life and their corporation. In addition, the cumbersome interface makes its difficult to delete your passwords in Google. Taking a page right out there purchase history, you have to delete passwords one by one.
I can not recall specifically how they got my passwords, my best guess is that I occasionally allowed Chrome to store the passwords. I thought these were kept in a local, encrypted file, not on the cloud. I would imagine for many passwords collected were for sites that would be none of Google’s business.
Their sleight of hand is ever so effective – essentially we want to see if your passwords are compromised – the guise is that Google is providing you a service. The thing is, I never asked for this service, and I already use a password service that tests against compromised passwords.
By storing your purchases, passwords and both your digital and physical life, Google is putting all your eggs in one basket. This makes its not only a slippery slope for you, but for them. They say their technology is a step ahead of external bad players. But what about internal? A single disgruntled employee can make decisions that are harmful to many. A single bad management decision can effectively bring the online world to its knees.
They can afford millions for lawyers and a public relations team, but would happen if the keys to your kingdom was handed over to thieves? Let’s hope Google never drops the basket or give it to the wolves.
What to do next?
Here’s where you can see your passwords: https://passwords.google.com/. Deleting is cumbersome, there is a not “select all” to delete, and in addition, you have to content with the ‘are sure’ popup.
Here are independent 3rd Party managers that can serve as alternatives to Google password manager.