It’s often disconcerting and scary to have all your browsing data synced to Chrome. What if your Google Account credentials are compromised? That would put all personal data in jeopardy, be it your credit card info, sensitive auto-fill data, or banking passwords. And hearing about Google’s privacy-related scandals doesn’t make things any easier on the mind either.
But what if you could deploy an additional layer of encryption to your personal data? That would make a world of difference, right? Thankfully, that’s where Chrome’s lesser-known ‘sync passphrase’ feature comes into the picture. So let’s check out how it works, and then go through all the relevant stuff that you need to know before you start to use one.
The Case For Sync Passphrases
Whenever you sign into Chrome, it readily begins to sync your browsing information with your Google Account. You can then access the data on any other PC or Mac, as well as on Android and iOS mobile devices. It’s pretty convenient to have that happen. Very few browsers offer such multi-platform sync capabilities, and Chrome excels at providing a seamless experience.
However, this poses huge vulnerabilities concerning security, especially since you only have your Google Account password to protect your data. While you can opt for 2-Step Verification to safeguard your account against unauthorized sign-ins, the chances of compromising your account through a potential security loophole are ever omnipresent.
But regardless of whether you use 2-step verification for your Google Account or not, the 'sync passphrase' can go a long way towards the security of your personal information in particular. Set one up, and you need to insert it whenever you want to sync data to Chrome on a new device — consider it a master passcode that only you know.
The passphrase completely encrypts your data on Google's servers, which means that not even Google can read it. And if your account is compromised, the sync passphrase works in a way that makes it impossible for anyone to get their hands on your data. But how?
The passphrase completely encrypts your data on Google's servers, which means that not even Google can read it
For a moment, imagine a hacker using your Google Account credentials to sign in from somewhere. Syncing with the cloud requires the passphrase and the hacker wouldn't know it. That means your data is safe. But what if the hacker chose to remove the passphrase?
However, that action alone causes all synced data on the Google servers to be deleted automatically while also signing Chrome out of all of your devices. Thus, your data is still safely available on each one of your devices, while the hacker gets nothing.
Sounds pretty neat, right? And except for a few minor reasons that you'll find out next, there's really no reason why using a sync passphrase shouldn't be a top priority.
Also on Guiding Tech
Things You Should Keep in Mind
While using a sync passphrase enhances the security of your synced data tremendously, Chrome does start to function slightly differently once you’ve set one up. The following checklist should help you figure out what changes to expect.
1. Browsing History Won’t Fully Sync
Any sites you visit through Google's search results won’t show up in the History panel of other synced devices. That is pretty strange and might be a potential deal breaker if you rely on the feature a lot. However, sites that you visit directly (by typing in the URL), as well as any search queries and active tabs, do sync normally.
Tip: As a workaround to this issue, consider bookmarking any pages that you want to visit via another device later on.
2. Can’t Check Google Passwords Online
Since Google itself can’t decipher your passwords thanks to the additional encryption applied by the passphrase, you can no longer use the Google Passwords page to check them online.
3. No Personalized Google Feed
Any form of Google feed — Chrome suggested articles, Google Discover feed, etc. — won’t display suggestions related to sites that you visit on Chrome. However, you should still be able to see content based on sites that you’ve surfed before adding the passphrase.
4. Use Passphrase on Every Device
Chrome requires you to to use the same passphrase on every device to sync your browsing data. You can’t just apply it to the devices that you want. Of course, you can still sign in without inserting a passphrase and use the device with no sync capabilities, but that defeats the whole purpose.
5. Smart Lock for Passwords Won't Work
You won’t be able to rely on Google’s Smart Lock for Passwords feature to sign into apps on Android automatically. Once again, this is caused by Google's inability to decrypt your passwords outside of Chrome.
Setting Up a Sync Passphrase
Setting up a sync passphrase on Chrome is pretty easy, and can be done on any one of your devices. However, once you create a passphrase, you then need to apply it to your other devices as well for a complete sync experience. The following steps should show you how to switch to using sync passphrase on both desktop and mobile.
Step 1: Open the Chrome menu, and then click Settings.
Step 2: Under the People section, click Sync.
Note: On mobile, tap your profile picture first, and then tap Sync on the subsequent screen.
Step 3: Scroll down to the Encryption Options section (on mobile, tap Encryption), and then click the radio button labeled Encrypt Synced Data With Your Own Sync Passphrase.
Afterward, insert a passphrase into the fields labeled Passphrase and Confirm Passphrase, and then click Save.
Step 4: Now that you've created the passphrase, you need to insert it to your other devices running Chrome. Simply launch the browser, and you should be prompted to add the passphrase either in the form of a push notification or pop-up message.
Step 6: Add your passphrase, tap Submit button, and you should be good to go.
Once you've added the passphrase to all of your devices, your synced data is now secure.
Also on Guiding Tech
Resetting or Removing a Sync Passphrase
If you’ve forgotten your sync passphrase, or if you want to switch back to the way that things were, then all you need to do is to reset Chrome Sync. It's pretty easy to do that, and you don't have to go through any verification procedure to remove or change the passphrase. But as mentioned earlier, that doesn't indicate any problem in security whatsoever.
Do note that the reset procedure deletes all synced data from the Google servers, and you are also forcibly signed out of Chrome on all devices. That stops unauthorized individuals from re-syncing your data from the cloud after a reset. And since any local data isn’t deleted from the devices, you should be able to start syncing once you sign in again.
Step 1: On the Encryption Options section of Chrome (or after tapping Encryption on mobile), click the link labeled Reset Sync.
Step 2: Scroll all the way down, and then click the button labeled Reset Sync.
Step 2: Click OK on the confirmation box.
Step 3: Wait for a moment while Chrome deletes data synced on the Google servers. However, it does not delete the locally stored data.
Step 4: You should be prompted to turn on Chrome Sync. Do it.
Step 5: Head over to Chrome's Settings panel on your other devices, and then sign back into the browser.
Chrome has now reverted to syncing your data without a passphrase. If you want to set up a new passphrase, you need to head over to the Encryption Options section on the browser, and then start over from scratch.
Also on Guiding Tech
Should You Switch to Using a Passphrase?
As you saw, passphrases provide a much-needed security advantage when it comes to personal information. Even with compromised account credentials, the chances of anyone retrieving your passwords and other sensitive data is pretty slim. Of course, provided that you do a good job at setting a strong passphrase and protecting it in the first place.
So, will you take the plunge and start using sync passphrase? Before you do that, we recommend updating your Chrome browser to the latest version 70 which doesn't force you to log in with Google account right after installation.