You have dozens of user accounts on different websites and there is a high chance that you use a combination of two or three passwords on all of them (if not more). There are different ways to remember complex passwords, but I prefer to not remember them at all. I believe in the theory that the most secure password is the one which you can never remember, no matter how many times you type it manually.
Using a password manager solves this problem of remembering passwords but most novice users take the easy route – save all usernames and password combinations in the browser itself. Google Chrome and Firefox already comes with browser sync, so there is practically no need to remember a password at all.
The problem however, is that users seldom choose a strong, alphanumeric password, while using a sign up form. They will either type in some phone number, a pet’s name or an already chosen password string, which is not a very secure affair. A password is your identity and in the ideal case, it should never be a perfect match with any other password which you have used on another website.
What if your browser can generate a very strong password string for you, whenever you use a sign up form on any webpage? That way, you can save the auto-generated password in the browser itself without having to compromise with a weak password string.
According to a project page at Chromium projects, Google Chrome will soon get a secure password generator for webpages and sign up forms. When Google Chrome generates strong alphanumeric passwords and saves it via browser sync, chances of getting hacked via phishing sites or hacked login forms is reduced considerably.
It works like this. If Google Chrome determines that you’re on a sign up page, it will add a small UI element next to the password field. When you click the UI element, an auto-generated password will be shown, you can either use it or re-generate a new password in the same UI. Next, a small pop up box will ask for confirmation if you want Google Chrome to manage this password using Chrome sync.
There are a couple of catches though. For example, this method won’t secure your older passwords which you have already saved in Chrome preferences. Second, if a website has disabled autocomplete on its sign up form (e.g online banking sites), this method is not going to work at all.
Worst case is when someone hacks into your Google account and turns on Chrome sync via your Google account on his computer. He will automatically get access to all your online accounts in one instant, which is why I never use or recommend saving username and passwords in a browser.
This feature is currently under development and is not incorporated in the latest version of Google Chrome.