Google updates Chrome’s built-in password maker
8 September 2014 | 0
Google has modified a long-available password generator within a Chrome preview to make it easier to use, according to a Google employee.
François Beaufort, a Chrome evangelist – and formerly a prolific browser detective who mined Google’s bug tracker for hints of upcoming features – pointed out the revamped password generator on Thursday on Google+.
“As soon as you focus the password field, a nice overlay will suggest… a strong and pronounceable password that will be saved in your Chrome passwords,” Beaufort wrote.
Chromium, the open source project that feeds code into Chrome itself, has had a password maker for more than two years – albeit one hidden behind a dense experimental setting screen – but the new version, with a new user interface (UI), has been promoted from Chromium to Canary, the least-polished build.
Canary is similar in concept to Firefox’s Nightly channel in that it is updated daily.
To enable the new password generator, users must type chrome://flags in the address bar, then choose ‘enable’ for both Enable-password-generation and Enable-save-password-bubble in Canary.
It’s unknown when, or even if, the revised password maker will make it into the production-quality version of Chrome, called Stable by Google. Features can languish in Canary for months, and sometimes even disappear. At the earliest – assuming Google adds the generator to Chrome’s Dev (developer) channel, its roughest-edged build in its development cycle, with the next iteration – the redesigned password maker would be unlikely to make it to Stable before the end of this year.
The only other browser with an integrated password generator is Apple’s Safari. That browser’s capability, however, comes courtesy of OS X’s iCloud Keychain, an operating system feature that works only with Safari. Apple first included iCloud Keychain last year with Mavericks.
If Chrome does bundle a password maker, the browser would compete against a host of third party password managers that tie to Google’s browser as well as others. Those include AgileBits’ 1Password; LastPass’ same-named application, LastPass; and Siber Systems’ RoboForm. Prices of those managers range from free (LastPass) to $50 (1Password).
Security experts have long bemoaned poor password practices – people often reuse the same passwords, frequently choose obvious ones, and rarely make them strong enough – but have had few solutions to offer other than password managers.
Password strength and reuse recently made news as hundreds of intimate photographs of celebrities were spread across the Internet. Many of the victims were iPhone owners, and suspicion focused on Apple’s iCloud sync and storage service. Apple’s CEO Tim Cook denied that iCloud had been hacked, but instead argued that attackers stole passwords by correctly answering reset questions, or after victims fell for phishing scams and gave up their credentials. If so, stronger and unique passwords would not have made a difference.