How on-device encryption helps protect your data
What does encryption mean?
Password and passkey encryption at Google
How it works
What it means
On-device encryption and your data
How it works
What it means
Things to consider
The difference between on-device encryption & sync passphrase
On-device encryption and sync passphrase increase the privacy of the data you sync to Google.
On-device encryption applies to your passwords and passkeys only. Sync passphrase applies to all of the data that you sync to Google via Chrome.
On-device encryption lets you set up multiple ways to lock and unlock data, like your passwords or passkeys, making it less likely you will lose access to your data.
With sync passphrase, you choose a phrase to lock and unlock your data. You will lose access to your data if you forget your sync passphrase. Learn more about how to keep your info private with a sync passphrase.
How standard password encryption works
Today, your saved passwords are encrypted while they’re sent over any network and when they’re saved to Google. The encryption key, used to access your passwords, is safely stored in your Google Account. Google then uses this key to access (decrypt) your passwords when:
- You access them on passwords.google.com, on your Android devices, or in Chrome settings.
- Your passwords get checked for security issues in the Password Checkup.
How on-device encryption works
When on-device encryption is set up, data like your passwords can only be unlocked on your device using your Google password or the screen lock for an eligible Android device, and passkeys can only be unlocked on your device using the screen lock for an eligible Android device. With on-device encryption, no one besides you will be able to access your encrypted data.
Get started
Important:
- Once on-device encryption is set up, it can’t be removed. Over time, this security measure will be set up for everyone to help protect password and passkey security.
- If you lose access to your Google Account, you risk loss of access to your saved passwords or passkeys. Keeping your account recovery phone number and email up-to-date can help regain access to your account if you can't sign in.
Set up on-device encryption for your data on Android
-
Go to passwords.google.com.
- Tap Settings .
- Under "On-Device Encryption," tap Set up.
Set up on-device encryption for your passwords on Chrome
- In your Chrome browser, at the top right, select More Settings Google Password Manager.
- Tap Settings Set up on-device encryption.
How to access your passwords or passkeys on a new device
In most cases, you can automatically access data like your passwords on a new device when you sign in to your Google Account. For passkeys, we ask you for your screen lock before you can access your encrypted data.
Access saved passwords on Android- Sign in to your Google Account.
- Turn on Autofill with Google.
- Sign in to your Google Account.
- Turn Sync on in Chrome.
- Chrome may ask you extra steps, like entering the screen lock for your Android device to decrypt your saved passwords.
Recovery options
When you lose access to your passwords
You'll lose all your passwords if you:
- Lose all of your recovery options like your Google password and your screen lock of an eligible device, if you've added one.
- Lose access to every device that’s signed in to your Google Account and has your passwords stored.
If you lose access to your passwords and want to use Google Password Manager again, you need to take these steps to start saving passwords:
- Go to passwords.google.com/encryption/reset.
- Select Turn off.
- Confirm that you want to delete all saved passwords.
Tip: It's optional for you to set up on-device encryption again.
When you lose access to your passkeys
If you can access your passwords but not your passkeys, you need to reset your Chrome server side data. This data includes bookmarks and Chrome settings in addition to your saved passwords and passkeys. For more info on what data Chrome stores, go to Chrome data in your account.
- Go to chrome.google.com/sync.
- At the bottom, select Clear Data.
- On your device, turn Sync on in Chrome.
Tip: It's optional for you to set up on-device encryption again.