Skip to content

A nightmare called Chrome Password Manager

This is the weakest part of Chrome browser and one of the biggest IT fuckups, this world has ever seen! To be honest, I simply thrill, whenever I hear "Chrome Password Manager". Thinking, what in the name of God did they wasted this time?

Who's at the control?

1. There is completely no sync between Password Manager and form's auto-fill module. On some login forms you won't see any auto-fill entries, though Password Manager has some passwords stored for that particular page. On other forms you'll see many auto-fill entries, that does not match passwords for that site. Password Manager is mixing logins and passwords with other auto-fill entries and all of this data across many URLs. On some login forms you can see auto-fill entries that were never entered by you as login or password (they were used in different context and on different site). On other you may find logins and passwords from completely different website. In some situations, auto-fill will remember a login or password that were incorrect (rejected by server).

2. There is absolutely nothing strange (as it happens every day!) that Chrome Password Manager asks you, whether you like to remember just entered password, even for sites, where you have been using that password (and have it stored in PM) for years. It simply forgot, that it asked you the same question hundreds of time before!

3. You have no bloody idea or control, when Chrome will display question, whether to store newly entered password, when it will remember it without asking you or when it will ignore it completely. And -- of course -- you can't delete incorrect entries directly from login or password field. You have to browser through settings, to Password Manager settings and to delete each incorrect entry in fabulous one-by-one manner, loved so much by Google Fucks.

5. On one of my services I had the strangest experience with Password Manager! It turned out, that every time I login to that service, PM fills out login form with an incorrect password. After submitting, the same login page, only with error message, appeared (to repeat login attempt). This time Password Manager filled out form with... correct password. I was able to login without entering password (using Password Manager), as in usual case, only this time I would have to click Login button twice. Always!

Changing or deleting passwords

1. Chrome Password Manager fails completely on changing password. If your password gets changed or expired and you enter new one, Chrome will never ask, if you want to change remembered password. It is completely beyond your control, when Chrome will remember changed password and when won't. You can't even force change by deleting user that pops up from dropdown list of remembered usernames, because - for the reason beyond my imagination - each time you delete such entry, it turns out that it is actually not deleted and still remains there. The only way to change remembered password is to go to Password Manager settings. You, of course, can't change it there, by editing it (sic!). Uncle Google said, that you don't need password edit feature, so you don't need it, right! You have to delete it from there and login again and only then you're finally able to change your password for a particular website.

2. Many times, after manual deletion of a password, and re-entering it, Chrome Password Manager "forgets" to display you bar questioning, if you want to store that particular password. You're logged in, but your newly entered password isn't remembered. Because you have just deleted that passwords and thus entered that site "for the first time" and even so PM didn't show up password remembering notice, this means, that you have absolutely no way to manually change password. You have to wait, re-entering the same password over and over again, until you're enough lucky or until Chrome is enough kind to offer you an option for remembering your password. This of course happens in exactly the same pattern for all passwords, that you're entering for the first time. You have absolutely no way to control, when you will be or won't be asked, whether you want to store particular password. Chrome offers here an annoying, pissing-off, fucked up complete randomness. It is entirely up to it, when it decide that particular password should or shouldn't be remembered.

3. There's even more. Many times it is possible, that even when you delete passwords with above method (directly from Password Manager, using delete "x" button next to each password), it is magically back. I had no bloody idea, why that happened and what circumstances crossed Chrome developers mind, when developing "feature" that brings back passwords manually deleted by user?

Non-typical scenarios

1. In some rare situations, when something suspicious happens on your computer, Chrome can reset your browser settings, including wiping out all Password Manager entries. If you're logged in to your Google Account and have option to sync passwords (or to sync all) enabled, this will also wipe out all passwords stored in Chrome on all your devices. Just like that -- bang! and all your passwords, maybe stored for years, are gone. You got the picture, right? Something (what?) suspicious happens to Chrome on one of your devices and minute ago, without any confirmation from your side, you're waking up with all your passwords removed from all your devices. Brilliant, Google Fucks!

2. Password Manager fails completely on this specific sites, where login is not through form submit, but is using AJAX to verify user. Just like that. If actual form submit isn't part of user verification, then there is no way you would be able to use Password Manager to remember password for that particular site. You're left with manually entering passwords over and over again. This is strange and really stupid, because Password Manager should remember passwords for particular forms and don't care at all which methods these forms uses to send data to server. Apparently, it is not doing so.

3. In some very rare occasions Chrome Password Manager will be stupid enough to remember not the actual password, but... asterisks-only pattern, that appears in password field to mask real password. You don't believe me? Then take a look at following screenshot.

Google Chrome 34 Password Manager actually remembered STARS as password

4. If Password Manager is unable to find login field, it will remember only password for that site. And if more than one user is using the same browser or if you have more than one account, to which you login through the same browser, then you're really screwed up. Password Manager will be, in this case, constantly updating (changing) that remembered password, each time you login with different login. And thus, you'll most likely always have an incorrect password auto-filled. Why is that? Because Google engineers are too stupid to understand, that we also need a confirmation, whether we want to update password already saved for particular site. Chrome only asks, if you wish to remember a password, first time you use it. It never asks, if you want to change that password. It always decides for you. Even, if you type a password incorrectly.

Leave a Reply