Google new Password Manager raises security concerns

Google, the pioneering service that originated with Gmail and marked its 20th anniversary on April 1st, 2024, has unveiled a new feature named ‘Password Manager.’ This service allows users to seamlessly transfer their passwords from their mobile devices to other devices or online login accounts.

While this new feature offers undeniable convenience, experts are sounding alarms about potential security risks. The transfer of passwords via CSV files poses a significant threat as these files can be accessed by unauthorized individuals, potentially enabling hackers to exploit them with minimal interception knowledge. Furthermore, there’s a concern that applications with permission to view or modify files on the device could tamper with the transferred passwords.

In response to these security concerns, Google has implemented a mandatory step requiring users to input their login password. However, this measure alone may not be sufficient to instill trust among users, especially considering the risks of password guessing or brute force attacks.

Despite these drawbacks, there are several advantages to utilizing this feature. Importing and exporting passwords becomes incredibly convenient for users, and the service includes a built-in de-duplication process for credentials.

Accessing this new service is straightforward. For Android users, simply navigate to the settings tab on your device, access Google services, then tap on ‘Manage your Google Account,’ followed by ‘Security,’ and finally, the ‘Password Manager‘ service.

For those preferring browser access, visit passwords.google.com and follow the provided guidelines to access the service securely.

Users should exercise caution when downloading CSV files and refrain from opening files from unknown senders to mitigate potential risks.

While features like data encryption and password protection are still evolving in this realm, recent efforts have extended these security measures beyond the Chrome ecosystem to other browsing platforms.

Ad
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display