Can Google Employees See My Passwords Saved in Google Chrome?

Short answer: No*

Passwords stored on your local machine can be decrypted by Chrome, as long as your OS user account is logged in. And then you can view those in plain text. At first this seems horrible, but how did you think auto-fill worked? When that password field gets filled in, Chrome must insert the real password into the HTML form element - or else the page wouldn't work right, and you could not submit the form. And if the connection to the website is not over HTTPS, the plain text is then sent over the internet. In other words, if Chrome can't get the plain text passwords, then they are totally useless. A one-way hash is no good, because we need to use them.

Now, the passwords are in fact encrypted; the only way to get them back to plain text is to have the decryption key. That key is your Google password, or a secondary key you can set up. When you sign into Chrome and sync, the Google servers will transmit the encrypted passwords, settings, bookmarks, auto-fill, etc., to your local machine. Here Chrome will decrypt the information and be able to use it.

On Google's end all that info is stored in its encrypted state, and they do not have the key to decrypt it. Your account password is checked against a hash to log in to Google, and even if you let Chrome remember it, that encrypted version is hidden in the same bundle as the other passwords, impossible to access. So an employee could probably grab a dump of the encrypted data, but it wouldn't do them any good, since they would have no way to use it.*

So no, Google employees cannot** access your passwords, since they are encrypted on their servers.


* However, do not forget that any system that can be accessed by an authorized user can be accessed by an unauthorized user. Some systems are easier to break than others, but none are fail-proof... That being said, I think I will trust Google and the millions they spend on security systems, over any other password storage solution. And heck, I'm a wimpy nerd, it would be easier to beat the passwords out of me than break Google's encryption.

** I am also assuming that there isn't a person who just happens to work for Google gaining access to your local machine. In that case you are screwed, but employment at Google isn't actually a factor any more. Moral: Hit Win + L before leaving your machine.


Actually, it's pretty trivial to retrieve your passwords from most browsers. The insane password security article was written by someone who uses mainly Safari, and seems to think that HAS to be the right way. This is user level security by obscurity. The person who brought up the issue is a developer who does mainly iOS, OS X and web development, not security development, and you might want to read Google's counterargument too.

On Windows, this tool from Nirsoft handily lets me snarf all your passwords from multiple browsers. If someone has physical access to your system, it's too late.

And no, it's unlikely Google would allow its employees to see your passwords - the actual synchronization part of the browser is encrypted - either using your login credentials, or your own passphrase. Google as such doesn't have an unencrypted copy of your password. It's good practice since it prevents leaks of said passwords, the temptation to do a little loveint, and governments from demanding that Google hand over passwords. You can't tattle what you don't know.

If you're really worried, just use a third party password manager and sync it whatever way you trust, or use a less common web browser (which these tools don't support) with a master password. Nonetheless, the argument that plain text password storage is not very useful in the day where GPU accelerated password cracking is available.


Theoretically not. See https://support.google.com/chrome/answer/1181035 for more details, but basically your synced data (passwords, bookmarks, history, etc.) are encrypted before they're sent to Google's servers. The encryption uses either your Google account password, or a separate password you choose just for the purpose of syncing. In order to keep things synced without having to type in that password all the time, the sync password does have to be stored on your local computer.

For a Google employee to see your passwords (assuming they don't have access to your local machine), they'd have to know the Google account password or your sync password. I'd assume the Google account password is stored in some kind of hashed form on their side, so that wouldn't let them readily decrypt your synced data.

Just to be clear, there are two distinct password storage issues when it comes to Chrome. One is how passwords are stored locally, and your various links talk about how those passwords can easily be viewed if someone can gain access to your local account. The other issue is what I've discussed above, namely how passwords are sent up to Google's servers, so that they can be available across multiple Chrome installations.