Pages

20.2.12

Google working on strong password generator for Chrome


Summary: Google tries to eliminate weak passwords.

Google is working on creating a strong password generator for the Chrome browser that will automatically generate strong passwords for users. The system is currently in the development stage, but Google has outlined the design principles over on the Chromium blog. It also gives us an insight into Google’s long-term plans.

‘Chrome’s long term solution to this problem is browser sign in plus OpenID. While implementing browser sign in is something that we can control, getting most sites on the internet to use OpenID will take a while. In the meantime it would be nice to have a way to achieve the same affect of having the browser control authentication. Currently you can mostly achieve this goal through Password Manager and Browser Sync, but users still know their passwords so they are still susceptible to phishing. By having Chrome generate passwords for users, we can remove this problem.’

The password generator will use heuristics to detect when users are on a sign-up pages and put a key icon in the password box. Clicking on this icon will generate a strong password, display it to the user, and if they accept it, add it and the username to the password manager.

I think that this is both a good idea and a bad idea. It’s a good idea because it helps users generate strong passwords, minimizing reuse and weak passwords. However, I don’t like it because it locks users into Chrome and makes it hard for them to use a different browser.

In other words, it’s a good idea, but it’s also a good way for Google to lock users into its browser.