3 out of 10 password managers aren’t secure enough, including Chrome’s

The BSI, the German government agency focused on IT security, has issued a harsh verdict on some password managers. It examined ten of them and concluded that three are not secure enough. With Google Chrome, mSecure, and PassSecurium, vendors can theoretically access stored passwords. In any case, the use of a password manager is essential, according to the institute.

The Bundesamt für Sicherheit in der Informationstechnik (BSI) conducted an extensive analysis in collaboration with the FZI Research Center for Information Technology. Of the tools examined, three providers could theoretically access passwords: Google Chrome Password Manager, mSecure Password Manager, and PassSecurium. In the case of SecureSafe PasswordManager and S-Trust Password Manager, the BSI was unable to assess whether providers had access.

Safer alternatives exist

Five password managers do not allow providers to access the data: 1Password, Avira Password Manager, Keepass2Android, KeePassXC, and Mozilla Firefox Password Manager. “If the password manager stores data in the cloud, users need to find out where the storage location is and the level of protection offered by the provider,” according to the BSI.

The study also reveals other shortcomings. Only four of the ten tools examined use completely secure, correctly configured cryptographic algorithms in accordance with the BSI TR-02102-1 guideline. Eight password managers do not perform a complete re-encryption of the container after changing the master password.

Chrome requires additional action

In the case of Google Chrome, the tech company can have access when synchronization is enabled without a separate passphrase. Google confirmed this to the BSI. “When synchronizing via their Google account, users should set a separate passphrase in the settings,” advises the German government agency.

The BSI emphasizes that password managers are crucial, even though the study now makes clear which options the German institute prefers. “The recommendation is clear: password managers are an essential tool and can be an important aid in the digital lives of many users.” Reusing weak passwords creates greater vulnerability to phishing than the shortcomings of individual products do.

The institute published a comparison table in which all password managers examined are compared in terms of security features. Users can use this to investigate for themselves which tool meets their requirements. After the study, almost all of the manufacturers involved entered into discussions with the BSI about the findings, which, according to the institute, has already led to improvements.
