How on-device encryption helps protect your passwords
A great way to think about password encryption at Google is to think about locking your valuables in a safety deposit box. You lock up your valuables, and the bank looks after the key.
What does encryption mean?
Encryption is just a way of making the info you save to Google more secure. Using a unique key, your info is made impossible to read by anyone else. Then, the only way to read the information is by unlocking it with the same unique key.
Password encryption at Google
When you save a password to Google Password Manager, it gets scrambled (encrypted) using a unique key.
How it works
Once your saved password is encrypted, Google locks it in a secure place until you need it. When you need to use a password, Google Password Manager unlocks it for you once we know it’s really you.
What it means
This type of encryption means that you trust Google to hold the key and keep your passwords secure.
On-device encryption and your passwords
With on-device encryption, you lock up your passwords with Google Password Manager, but you take the key with you instead. This means that only you can see your passwords. Just keep in mind that if you lose the key, you could lose your passwords too.
How it works
Once on-device encryption is set up, you can use your Google password or the screen lock for compatible phones or tablets to unlock your password.
What it means
This type of encryption means that only you have the key to unlock your passwords.
Things to consider
Just remember that if you lose the key to your passwords, you could lose your passwords too.
The difference between on-device encryption & sync passphrase
On-device encryption and sync passphrase increase the privacy of the data you sync to Google.
On-device encryption applies to your passwords only. Sync passphrase applies to all of the data that you sync to Google via Chrome.
On-device encryption lets you set up multiple ways to lock and unlock your passwords making it less likely you will lose access to your passwords.
With sync passphrase, you choose a phrase to lock and unlock your data. You will lose access to your data if you forget your sync passphrase. Learn more about how to keep your info private with a sync passphrase.
How standard password encryption works
Today, your saved passwords are encrypted while they’re sent over any network and when they’re saved to Google. The encryption key, used to access your passwords, is safely stored in your Google Account. Google then uses this key to access (decrypt) your passwords when:
- You access them on your devices.
- Your passwords get checked for security issues in the Password Checkup.
How on-device encryption works
When on-device encryption is set up, your passwords can only be unlocked on your device using your Google password or the screen lock of an eligible device. With on-device encryption, only you will be able to view and manage your passwords.
- Once on-device encryption is set up, it can’t be removed. Over time, this security measure will be set up for everyone to help protect password security.
- If you lose your Google password, you risk loss of access to your saved passwords.
Set up on-device encryption for your passwords
- Go to Google Passwords (passwords.google.com).
- Select Settings .
- Select Set up.
How to access your passwords on a new device
In most cases, you can automatically access your passwords on a new device when you sign in to your Google Account. In rare cases, we ask you for a recovery option before you can access your passwords.
To make sure you can always recover your saved passwords (like if you lose your phone or computer), Google recommends adding password recovery options, like syncing your passwords to multiple devices.
Use your Google password
By default, you can access your encrypted passwords on a new device using your Google password. If you forget your Google password and create a new one during account recovery, you will not be able to access your saved passwords again until you confirm your new Google password. In this case, you’ll get a reminder to confirm your new Google password before you regain access to your saved passwords. To avoid issues with account access, confirm your password right away.
Devices that can sync your passwords
You can also sync your passwords to multiple devices so you have another way to recover them. For example, if you lose your phone, your passwords will still be available on another device. Those devices can be used for recovery, even if you lose all other recovery options.
Losing access to your passwords
You risk losing your passwords if you forget your Google Password. You can recover your passwords using another device where you're signed in with the same Google account.