Chrome Application in iOS Eliminates All Stored Passwords
Certain security measures can sometimes be hard to comprehend. When Google announced it was eliminating certain Gmail accounts due to security concerns, that was pretty straightforward. Similarly, the new tracker alert security feature for Android users is commendable. But when the latest version of the Chrome app for iOS incorporates a feature that deletes all saved passwords from its vault in a single click, I must admit, I'm a bit at a loss as to the reasoning behind it, other than "because we can and Apple can't." Here's what you need to know.
Google Chrome App to Eliminate All iOS Passwords with a Single Click
An experimental feature in the Google Chrome app for iOS, currently available in the canary version, now allows all passwords to be deleted from the Chrome vault with a single click. This update to the Chrome app's password manager functionality was discovered by Rafly Gilang, a technology reporter at MSPowerUser. The feature can be activated by enabling the "Delete all saved passwords in GPM" flag in Chrome Canary, according to Gilang. Upon activation, a "delete all" button appears within the Google Password Manager settings, allowing users to permanently erase all passwords, passkeys, and associated data with a simple tap.
The related commit posted to the Chromium source code forum confirms that the new function is part of the overall effort to support deleting all passwords within the Google password manager.
Why Would Google Encourage Deleting All Passwords at Once?
The question arises, however, as to why Google would promote this feature. One possibility, as Gilang suggests, is that it gives Chrome on iOS an advantage over Apple's Safari, which currently does not have this capability. While this explanation is plausible, it does not explain the security reasoning behind it. The usability aspect does come into play, as deleting all traces of an old password vault when switching to a new manager would undoubtedly be beneficial and improve security. However, if the option is too complex or absent, users might leave the data, potentially doubling the password attack surface.
Arguments have been made that this feature could also be beneficial in the event of a suspected password database breach. However, I find this claim unconvincing, as if the database is breached, an attacker already has the data, which is encrypted anyway, making the nuclear delete option redundant. Furthermore, deleting all passwords without backup is risky and extreme.
I have reached out to Google for an official explanation of their security thinking behind this feature and will report back as soon as I receive a response.
- To activate the feature, users need to enable the "Delete all saved passwords in GPM" flag in the Chrome Canary version of the Chrome app for iOS, as suggested by Rafly Gilang.
- The latest version of the Chrome app for iOS now includes a feature that deletes all saved passwords from the Chrome vault with a single click, thanks to an experimental update to its password manager functionality.
- Google Password Manager, part of Chrome, now allows iOS users to delete all saved passwords, passkeys, and associated data permanently, using a simple tap on the "delete all" button.
- While the reason behind Google encouraging the deletion of all passwords at once remains unclear, one possible explanation suggested by Gilang is that it gives Chrome on iOS an advantage over Apple's Safari, which currently does not have this capability.
- Google's move to incorporate a feature that wipes all passwords from its Chrome app's password manager on iOS raises questions about the reasoning behind it, especially when considering the potential risks of deleting all passwords without backup.
