How Chrome and Safari can help you strengthen your passwords
Thou shall not reuse your login information...
This story has been updated. It was originally published on November 4, 2019.
Choosing a good password means finding a careful balance between something simple you won’t forget, and something complex that no one will ever guess.
Reusing passwords across multiple accounts is a tempting way to ensure you won’t get locked out of your favorite platforms, but this is a dangerous tactic as far as your online security goes. If hackers gain access to one account, they can get into all others using the same password. Remember—your accounts are only as secure as the weakest of the bunch.
Safari and Google Chrome are here to help, though. Both browsers feature tools that will help you pick strong passwords and remember them, too. You’ll even get warnings when you’re reusing credentials or when they are spotted in a data breach.
When you create a new online account in Chrome, and you click inside the password field, the browser will make a suggestion for you. If it doesn’t appear automatically, try right-clicking and choosing Suggest password. Whether you take it or leave it, once you finish creating your new account, the browser will offer to save your login details. You should see this via a prompt in the top-right corner.
These login details can be synced everywhere you use Chrome, as long as you’re signed into the same Google account and syncing your data across devices. To check, click the menu button (three dots, top right) in Chrome, then choose Settings and Sync and Google services.
From the main Settings page, click Autofill, then Passwords to see all of the passwords Chrome is managing for you. Here you can view, edit, or delete any of them—use the search box at the top if you need to find a specific one. If you’re not comfortable with this feature, you can also disable the prompt that offers to save passwords for new accounts.
While you’re on the passwords screen, click Check passwords, and Google will check all of your stored passwords for duplicates or for matches in public data breaches (you may be prompted for your master Google password again along the way).
The results screen is split into three sections: compromised passwords (mentioned in data breaches), reused passwords (identical passwords for different accounts), and weak passwords (those that can be easily cracked). Click on any of the Change password links to head to the relevant website and change your details.
We’d recommend taking action on every account Google flags up, even if you have dozens to work through. If you use Chrome’s password suggestion feature, you should be able to get your account credentials safe and secure without spending too much time on the job.
These same passwords and user credentials sync to Chrome on Android and iOS, as long as you’re signed into the same Google account—when you’re on a sign-in screen Chrome recognizes, your saved password will pop up so you can select it with a tap. On Android, when you’re signing up for something new, you’ll see a Suggest password option as well. Unfortunately, this feature hasn’t yet made it to Chrome for iOS.
If you’re using the Safari browser across your Apple devices, you will find similar password management and checking features as the ones Chrome has.
When you sign up for an app or site for the first time, Safari will give you the option to create a password—though it’s not immediately obvious. Click the small key with a downward pointing arrow at the far right of the password field and select Suggest New Password. If you don’t like it, click Strong Password and select Don’t Use to empty the field. Then you can come up with one on your own.
Safari securely remembers all your login information and syncs it between devices. If you’re signing into a website Safari has details for, they’ll appear automatically when you click in the username and password fields.
To see all of the credentials Safari is storing, open the Safari menu and choose Preferences, then Passwords (you’ll be asked to provide your Apple ID information or use the Touch ID button on the Touch Bar before you actually get to see them). You’ll see a list of all stored passwords, sorted alphabetically by website URL. If you need to look for something specific, you can use the search box in the top right.
Double-click on any entries in the list to make changes to the credentials stored in Safari’s database. You can also delete entries via the Remove button. If you don’t want Safari to log into sites for you automatically, go to the Autofill tab within Preferences and uncheck the box marked User names and passwords.
Just like Chrome, Safari also checks for weak and duplicate passwords. If you’re reusing one, or if it can be easily cracked, you’ll see a yellow exclamation mark next to it on the right-hand side. Double-click on the entry to see why Safari isn’t keen on a particular password, and you’ll get a list of sites you’re using it on, or the reason why it’s weak.
This functionality is also available on iOS. Open the Settings app and choose Passwords to see Safari’s database of passwords (after you unlock the screen like you would unlock your phone). Just as in the desktop version, duplicates and weak passwords will be flagged with a warning symbol.
We’d also recommend changing all passwords Safari flags. Both on MacOS and iOS, follow the URL provided in the login details box you get when double-clicking on any entry in the list. When you change your credential, you can make use of Safari’s suggestions, or create your own.