Keeping track of passwords is a pain.
You shouldn’t use the same one for every account because that’s ridiculously unsafe. A third-party password manager is one solution, though it isn’t perfect, and the best ones cost money. I once crowned LastPass the king against competitors, but since then a perpetually bad interface on the web and a recent security breach caused me to look around.
While Dashlane and 1Password are admirable services, none have proven to be fully satisfactory. They sometimes get confused by different URLs from the same site, so you end up with duplicates. The extensions that are required to run them sometimes slow down your browser. It’s an imperfect solution to a complex problem.
Google thinks it may have the answer. It could be the right one for you right now, as long as you’re willing to live on the edge a bit and put a few puzzle pieces together. But in the end, if you use Google’s existing password management tools, you’ll have a smooth system that keeps all your online security backed up with Google. Sure, it puts your eggs in one basket, but Google’s shown to be a pretty ferocious bird when it comes to protecting the nest.
Google’s Smart Lock is the future
At Google I/O the company showed off its latest weapon in its long battle against the passwords: Smart Lock. The promise is that Google will “unlock” your favorite websites and apps by securely saving your password to your account and syncing them between Chrome and Android.
You’ll of course need to be a Chrome user and tell the browser (which it does by default) to save and backup all your usernames and passwords.
For example, if you’ve saved your password to The New York Times in Chrome, Google will automatically log you into the Android app. No need to find the password somewhere and re-enter it.
Android developers have to add support for this feature into thier apps in order for the magic to work. Google partnered with a core group of apps to get this ball rolling. Popular services like Netflix, Orbitz, Instacart, and Eventbrite already have it live. Fortunately, because this capability is tied to Google Play Services, it’s already working on your device. No need to wait for an Android update.
To fire this up, head to the Google Settings app on your Android device and select Smart Lock Passwords.
Make sure that this setting and Auto sign-in are both flipped on. Then try it out yourself by downloading one of the aforementioned apps or signing out and back in again. You should see the Google Smart Lock icon fire up next time you try out one of these apps.
Use the Google sign-in
Because Smart Lock for passwords is in its infancy, there’s another piece of Google’s password-killing strategy that you can use. Google sign-in allows you sign up for and log in to any supported service with your Google account. In most cases you’ll see the Google+ icon, though that’s probably going to morph over time to regular Google branding since the company’s social network is dramatically scaling back.
Just about any decently-sized service now uses the Google+ sign-in option. It’s more secure than a password because the app authenticates your account with Google. You can also occasionally check in with Google’s new account management tool to see which apps you’ve enabled and de-authorize any that you don’t use anymore.
I use this service whenever I can. It means I don’t need to create or keep track of another password. Yes, it means Google owns yet another piece of my online identity, but the company has been a pretty good steward. I’ve been using Gmail for 10 years, Chrome since it launched, and a heavy amount of Google services across Android, Chrome, and iOS. My security has never been breached and my data hasn’t ended up anywhere I’m uncomfortable with. You should be sure to enable two-factor authentication and regularly check in with which devices are accessing your account. With diligence and common sense your security should be fine.
You’ll still need some workarounds
Google’s Smart Lock effort is still in its early days. Very few apps have implemented the feature to automatically use your saved Chrome password when logging into an app. And there are still some that don’t use Google’s sign-in. So you’ll need a workaround for sites where you’ve saved your password and need it to login on Android.
The best way to manage this for now is to get to your passwords at passwords.google.com. From here you can copy any password over to the app that you’re trying to sign in to (after you again sign in to your Google account). It’s not as smooth as having a password manager connect you or using SwiftKey’s partnership with Dashlane.
But for now, it will get the job done. You can view any of your passwords, hit the eyeball icon, and then copy and paste it into the app you want to use. It’s somewhat of a pain, but it’s the best you can do for now until Smart Lock takes off. Strangely, I also found that sometimes the password wouldn't copy to my device's clipboard. The best workaround was to hit the multitasking button, swipe away Chrome, and try it again.
Another tip: Chrome has a hidden feature that will generate secure passwords when it detects you're trying to create a new account on a web site. To flip this on, type chrome://flags into the Omnibox and then look for Enable password generation. Select Enable, and then press the pop-up Restart button for this feature to go live.
This works for both Chrome on Android, Windows, OS X, and Chrome OS. It's the fastest way to get a strong password that's synced to your Google account. I suspect this capability will eventually become a standard feature in Chrome as Google pushes forward with its Smart Lock efforts.
The security solution I’ve outlined here is definitely for someone who doesn’t mind a few hiccups and knows their way around the intricacies of a smartphone. It will be a pain from time to time when you need to copy and paste over passwords. But I expect going all-in with Google’s passwords scheme is the best way to protect your online identity and prepare yourself for Google’s goal to tighten identity management and security between Android and Chrome.