I’m using Chrome and Chrome Sync; does Google have access to my passwords?
- Encrypt synced passwords with your Google credentials: This is the default option. Your saved passwords are encrypted on Google’s servers and protected with your Google Account credentials.
With this choice, Google has access to your data .
- Encrypt all synced data with your own sync passphrase: Select this if you’d like to encrypt all the data you’ve chosen to sync. You can provide your own passphrase that will only be stored on your computer.
With this option, Google does not have access to your data, assuming they are being honest about what happens with your passphrase ( what happens if you forget your passphrase makes it clear that they do not store it for your profit ), do n’t have some goggle hole ( or back door ) in their synchronize security, and your passphrase is plug adequate to withstand a animal force undertake by Google ( such a password is possible, but very atypical ) .
You can reduce the opportunity for Google to intercept your passwords by using an offline password coach like KeePass in conjunction with Chrome as your browser. You can remove the opportunity wholly by no longer using Google products ( what if they actually bundled a keylogger with Google Drive or Chrome ? And with Gmail, password reset requests could be intercepted in one direction or another, possibly resulting in Google accessing your accounts, evening if your passwords are uncrackable ).
Read more: A Few Thoughts on Cryptographic Engineering
With Firefox, the security of your data hinges on how batten your Firefox Account password is. If you choose a good password, it should be impossible for Mozilla or anyone to access your passwords. however, this makes the assumption that Mozilla is being honest about how the system works, and there ‘s no agape hole ( or back door ) in their security system. You can add an extra standard of security by running your own private Sync server alternatively of using Mozilla ‘s. Since Firefox is open source and Mozilla has a better cut criminal record regarding privacy than Google does, the likelihood of them trying to compromise your data seems army for the liberation of rwanda lower .
Choose your paranoia degree as you like, and based on your needs. I would n’t use anything Google for Snowden-level needs, but for ordinary-privacy needs, I ‘d go with a passphrase on Google Sync at a minimal ( so that an attacker accessing your Google Account has another level to get through before he has your passwords ) .
besides, note that all of this goes out the window if anyone manages to install a keylogger ( possibly complemented by a screen scraper and sneak click recorder to combat on-screen keyboards ) on your personal computer .