Get started with on-device encryption

How on-device encryption helps protect your data

A great way to think about data encryption at Google is to think about locking your valuables in a safety deposit box. You lock up your valuables, and the bank looks after the key.

What does encryption mean?

Encryption is just a way of making the info you save to Google more secure. Using a unique key, your info is made impossible to read by anyone else. Then, the only way to read the information is by unlocking it with the same unique key.

Password and passkey encryption at Google

When you save a password or passkey to Google Password Manager, it gets scrambled (encrypted) using a unique key.

How it works

Once your saved data, like a password or passkey, is encrypted, Google locks it in a secure place until you need it. When you need to use a password or passkey, Google Password Manager unlocks it for you once we know it’s really you.

What it means

This type of encryption means that you trust Google to hold the key and keep your data secure.

On-device encryption and your data

With on-device encryption, you lock up your passwords or passkeys with Google Password Manager, but you take the key with you instead. This means that only you can see your data. Just keep in mind that if you lose the key, you could lose your data too.

How it works

Once on-device encryption is set up, you can use your Google password or the screen lock for compatible phones or tablets to unlock your password or passkey.

What it means

This type of encryption means that only you have the key to unlock your data, like passwords or passkeys.

Things to consider

Just remember that if you lose the key to your data, you could lose your passwords and passkeys too.

The difference between on-device encryption & sync passphrase

On-device encryption and sync passphrase increase the privacy of the data you sync to Google.

On-device encryption applies to your passwords and passkeys only. Sync passphrase applies to all of the data that you sync to Google via Chrome.

On-device encryption lets you set up multiple ways to lock and unlock data, like your passwords or passkeys, making it less likely you will lose access to your data.

With sync passphrase, you choose a phrase to lock and unlock your data. You will lose access to your data if you forget your sync passphrase. Learn more about how to keep your info private with a sync passphrase.

How standard password encryption works

Today, your saved passwords are encrypted while they’re sent over any network and when they’re saved to Google. The encryption key, used to access your passwords, is safely stored in your Google Account. Google then uses this key to access (decrypt) your passwords when:

  • You access them on passwords.google.com, on your Android devices, or in Chrome settings.
  • Your passwords get checked for security issues in the Password Checkup.

How on-device encryption works

When on-device encryption is set up, data like your passwords can only be unlocked on your device using your Google password or the screen lock for an eligible Android device, and passkeys can only be unlocked on your device using the screen lock for an eligible Android device. With on-device encryption, no one besides you will be able to access your encrypted data.

Get started

Important:

  • Once on-device encryption is set up, it can’t be removed. Over time, this security measure will be set up for everyone to help protect password and passkey security.
  • If you lose access to your Google Account, you risk loss of access to your saved passwords or passkeys. Keeping your account recovery phone number and email up-to-date can help regain access to your account if you can't sign in.

Set up on-device encryption for your data on Android

  1. Tap Settings Settings and then Set up on-device encryption.
Tip: If you don’t want to set up your screen lock right away, you can do it later from Password Manager settings.
Important: For passkeys, screen lock setup is always required.

Set up on-device encryption for your passwords on Chrome

  • In your Chrome browser, at the top right, select More More and then Settings and then Passwords and then Set up on-device encryption.

How to access your passwords or passkeys on a new device

In most cases, you can automatically access data like your passwords on a new device when you sign in to your Google Account. For passkeys, we ask you for your screen lock before you can access your encrypted data.

Access saved passwords on Android
  1. Sign in to your Google Account.
  2. Turn on Autofill with Google.
Access saved passwords on Chrome
  1. Sign in to your Google Account.
  2. Turn Sync on in Chrome.
  3. Chrome may ask you extra steps, like entering the screen lock for your Android device to decrypt your saved passwords.

Recovery options

To make sure you can always recover your saved passwords or passkeys (like if you lose your phone or computer), Google recommends adding recovery options. Today, you can use your Google password and people with an Android device can use their screen lock to access encrypted data, like passwords or passkeys. More recovery options will be added over time.
Use your Google password
By default, you can access your encrypted passwords on a new device using your Google password. If you forget your Google password and create a new one during account recovery, you will not be able to access your saved passwords again until you confirm your new Google password. In this case, you’ll get a reminder to confirm your new Google password before you regain access to your saved passwords. To avoid issues with account access, confirm your password right away.
Devices that can sync your passwords
You can also sync your passwords to multiple devices so you have another way to recover them. For example, if you lose your phone, your passwords will still be available on another device. Those devices can be used for recovery, even if you lose all other recovery options.
Use the screen lock for your Android device
Android device users can use their screen lock as an additional way to access your encrypted data. When you set up on-device encryption, we’ll send a notification to your eligible Android devices so you can add this recovery option.
You can also add a screen lock recovery option in the Password Manager settings at any time. You must do this on the device that uses the screen lock you want to add.
Important: For passkeys, screen lock setup is always required.
Important: When you access your encrypted data on a device, you have 5 attempts to enter the correct screen lock. If you exceed this limit, you can no longer use your screen lock to access your passwords and passkeys. This protects your screen lock from being guessed.

Losing access to your data

You will lose all your passwords and passkeys if:
  1. You lose all of your recovery options:
    • Google password
    • Screen lock on Android, if you added one
  2. You also lose access to every device that:
    • Is signed in to your Google Account
    • Has your passwords and passkeys stored

Important: These steps delete your server-side Chrome Sync data, which includes data such as bookmarks and Chrome settings in addition to your saved password list. For more info on what data Chrome syncs, go to Chrome data in your account.

If you lose access to data, like your passwords or passkeys, and want to use Google Password Manager again, you must:

  1. Go to chrome.google.com/sync.
  2. At the bottom of the page, select Clear Data.
  3. Turn Sync on in Chrome on your devices.
  4. Go to passwords.google.com/settings and set up on-device encryption.
 
Was this helpful?
How can we improve it?
Search
Clear search
Close search
Google apps
Main menu
Search Help Center
false
false
true
70975
false
false