Passwords disappear for millions of Windows users thanks to Google

Google Chrome Password Manager with Suspicious Fry
(Image credit: Future)

What you need to know

  • A bug in Chrome version 127 caused passwords to vanish for around 15 million Windows users. The issue lasted for nearly 18 hours before being fixed.
  • Users had to use a command line flag as a temporary fix, but the final solution required just a browser restart (yes, turn it off and on again!).
  • This incident highlights the risks of relying solely on browser-based password managers.

To put it bluntly, it's not been a great month for tech giants. Earlier this month, the CrowdStrike bug brought many businesses to a complete standstill and left millions facing the Blue Screen of Death, causing disruption many are still recovering from following postponed flights and surgeries, to name just a few inconveniences.

Well, not to be left out, Google had to cause its own chaos, according to this report from Forbes. Windows users clearly haven't suffered enough and an estimated 15 million of them were locked out of their own passwords for nearly 18 hours from July 24 to July 25 due to "a change in product behavior" with Google Chrome. 

Chrome's Password Manager — not a failsafe

The specific problem affecting Windows users was with Google Password Manager. With Chrome boasting more than 3 million users, there are a hell of a lot of people reliant on this feature. I count myself among them, and I wouldn't be able to access many sites I use on a daily basis without Google Password Manager remembering all of my convoluted passwords.

The issue, limited at least somewhat to the M127 version of the Chrome browser on Windows, prevented users from accessing previously stored passwords and rendered new passwords completely invisible. While limited to this specific update, that's still a huge chunk of users, which Forbes predicts to have been around 15 million.

At the time, there was a workaround, but not one most end users would be comfortable implementing as it involved launching the browser with a command line flag. This issue, which has now been fixed, now simply requires a browser restart, but it took up to 18 hours to get fixed. Google extended its apologies to customers, saying “We apologize for the inconvenience this service disruption/outage may have caused.”

Rethinking my dependency on Google Chrome password manager

(Image credit: Bitwarden)

Thankfully, I wasn't one of the users affected by the error, but it has got me thinking; perhaps being solely reliant on Google Password Manager alone for pretty much every single website I use isn't the brightest idea. I've passwords for everything from work to government websites I use for childcare subsidies, all dependent on my belief that password manager will always 'just work'. I've used apps such as Keepass in the past, but Bitwarden is probably the most popular free encrypted password database right now, with paid options from Nordpass being even higher rated. Either way, if you are as dependent on a password manager as I am, it's probably best not to store everything in one and one alone, especially in this age of tech mishaps. Unfortunately, I can't just set my password as P@$$word for everything, so I'll be checking out our friends at Tech Radars' guide to the best password managers to choose a backup and advise you to do the same! 

Jennifer Young

Jen is a News Writer for Windows Central, focused on all things gaming and Microsoft. Anything slaying monsters with magical weapons will get a thumbs up such as Dark Souls, Dragon Age, Diablo, and Monster Hunter. When not playing games, she'll be watching a horror or trash reality TV show, she hasn't decided which of those categories the Kardashians fit into. You can follow Jen on Twitter @Jenbox360 for more Diablo fangirling and general moaning about British weather. 

  • fjtorres5591
    For online I use two different browsers and their password managers: Edge on Windows, Android, and Fire Tablet and Silk on Fire. And every few months I copy the updated passwords to an encrypted text file backed up in three places.

    For email, I use (at least) three addresses, one of which is for "free" online sites, one for ecommerce, and one (paid) for critical stuff.

    (The recent wave of Amazon "Prime" scam emails stand out right away by arriving to the wrong address.)

    I *never* use Google Chrome or search and Gmail only for google apps on phone.
    I neither trust nor like Google.

    Paranoia is a survival trait.
    Reply
  • Laura Knotek
    Chrome is my default browser, but I use Enpass as my password manager for all my devices.
    Reply
  • adventurousAddition65
    I use a self-hostet Vaultwarden instance wich can be used on basically all my devices and browsers. As a failsafe I also have simple but encrypted json backups on a separate (offline) device.
    Reply
  • JimFromIL
    I use 1password and NO browser based pw managers.
    Reply