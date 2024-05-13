Summary Beware, the default setting in Chrome for Android could delete all your credentials saved in Google Password Manager.

Deleted passwords cannot be recovered, but one unfortunate victim was saved by an old Bitwarden account.

A potential fix is on the horizon - Google has promised to remove the toggle, but it is still advisable to switch to a dedicated manager.

Google often reserves features for paying Workspace customers, but several conveniences extend to individual accounts as well. Google Password Manager (GPM) is one among the latter, available as a standalone app, a Chrome integration, and an Android system component. A secure password storage vault should remain unaffected when you clear the browsing data your browser accumulates, but a Reddit user recently lost all their saved passwords while performing said action in Chrome, and it should set the alarm bells ringing.

While most users abandon integrated credential storage systems like Google’s in favor of our favorite purpose-built password managers, Redditor /u/harish9294 stopped using a combination of Bitwarden and Authy to enjoy an “integrated and unified experience” on their Pixel 7 Pro with GPM. Unfortunately, they lost all their credentials because the Saved passwords list item was checked by default when they went to clear the browsing data in Chrome for Android (via Tech-Issues Today).

The post goes on to confirm that contacting Google Support was futile because they could not recover the deleted passwords. The redditor’s saving grace was their old Bitwarden account, which they hadn’t fully abandoned, but it is easy to see how such an accidental deletion can be a nightmarish scenario for someone solely dependent on Google Password Manager, especially if the service also generated strong passwords for you when signing up.

A fix should be inbound

A quick trip to the same settings page on my phone with the latest stable version of the browser installed shows I would have lost 159 saved credentials in the blink of an eye if I wasn’t careful. What’s even more alarming is the Saved passwords option was checked by default on the redditor’s device, and Chrome didn’t bother with confirmation, alerts, or two-factor authentication requests of any kind before deleting the critical data.

On my device, the option wasn’t checked, perhaps because I was careful to uncheck it sometime prior and Chrome remembered my preference, but PuinikaWeb founder Himanshu Arora lost all his passwords trying to reproduce the issue. Another redditor has since created a Chromium issue report where a Google staffer acknowledged the issue and promised the company would remove the toggle. Until that change reaches users, we strongly suggest you switch to a dedicated password manager, especially if you rely on GPM to create strong passwords or store passkeys for you.