Passwords stored in Chrome are convenient, but they can also expose you to risk. Share your device with someone else, and they can log into any website with saved credentials. At least, they can if you haven’t enabled Chrome’s built-in protections.
On Windows PCs, you can use Windows Hello to lockdown access to your Chrome passwords. When turned on, you’ll have to enter a PIN or use a biometric authentication method (like a fingerprint or webcam) before Chrome will fill in a login form with your user name and password.
Here’s how to enable the feature.
Step 1: Verify that Windows Hello is set up
Already sign into your Windows PC with a PIN code, fingerprint, or facial recognition? You should be able to skip to Step 2. (However, if you don’t see the option for Windows Hello in Google Password Manager’s settings, return to this step.)
In the Windows 10 or 11 start menu, type sign-in options — or open your Settings app and use the search bar to find the sign-in options. Your PC won’t support the biometric methods of Windows Hello authentication without a compatible fingerprint reader or webcam, but a PIN code should be available to set up.
Note: Any Windows Hello method you set up will allow you to log into your PC. If you have concerns about the security of the biometric options, you can stick with just a PIN code — ideally one that’s at least six numbers long.
Step 2: Head to Chrome’s settings
In a Chrome window, click on the three dot icon in the upper right of the screen. Then choose Settings > Autofill and Passwords > Google Password Manager. In the left navigation bar, select Settings.
You can also type chrome://password-manager/settings into the address bar of a Chrome tab and hit enter.
Step 3: Turn on Windows Hello protection
In the Google Password Manager settings, find Use Windows Hello when filling passwords. Click on the toggle to enable this feature, then enter your PIN code or use an alternate Windows Hello method to authenticate the change. The toggle will then move to the right and turn blue.
After you’ve turned on Windows Hello verification, a pop-up window will appear with an authentication check before Chrome will fill in your saved login info. You’ll see it every time you need to log into a website.
PCWorld
How to further protect your passwords
As convenient as keeping passwords in your Google account can be, you can strengthen your security by using an independent, full-fledged password manager. Why? You’re safer from headaches if that Google account is ever compromised or lost.
Plenty of excellent options exist, both free and paid — but the paid options offer nicer perks, like being able to give emergency access to your passwords, more sophisticated forms of two-factor authentication, and easier password sharing. These options can integrate with your phone and PC, so you can still seamlessly create, store, and use your credentials.
That said, if Chrome is the password manager you’re sure to use — and it keeps you from relying on weak and/or reused passwords, listing all of your logins in a plaintext document, or both — then it’s the best one for you. Beyond Windows Hello verification, you can also use antivirus software (like Avast One) to safeguard against malicious apps that try to steal saved browser passwords. But the best defense is securing your Google account with a strong password and two-factor authentication.