How Chrome protects your autofill and password data

You can use Chrome to save passwords, addresses and payment information to help you fill out online forms automatically. If you're signed in to your devices, Chrome can also share your saved data across your devices.

How autofill and password management works

Autofill

You can fill out forms on websites quicker with autofill. It's easier to checkout, add delivery details and more. To do this, Chrome sends information about the form fields to Google in order to offer suggestions as you fill out a form. Google sends back predictions that allow Chrome to match your information to the form fields. The data collected and sent to Google includes the basic structure of the form, field names and a hashed version of the site's domain.

When you submit a form, Chrome sends information to Google about the structure and attributes of the form and the types of data that you submitted to help with future predictions. Google uses that information to improve the autofill and Password Manager features and provide the best matching data when you use autofill. In these situations, to keep your data safe, Chrome will:

  • Send generic data like 'first name' instead of the text 'Jessica' or 'username' instead of 'jessy1980'.
  • Add random data to labels and attributes of the form sent to Google. We call this 'adding noise' and it ensures that Google only checks labels and attributes that don't have private data.

If you use Google Pay, Chrome collects information about your computer and shares it with Google Pay to prevent fraudulent use of your payment card. Learn how Google Pay helps keep your data private.

Password Manager

Chrome can help you sign in to sites with saved information from Google Password Manager. Passwords saved for a site may automatically fill when sign-in fields are available.

When you sign in to Chrome with your Google Account, you can:

  • Use passwords stored in your account
  • Create a strong password for new sites at sign-up
  • Save new passwords to your account
How we protect your data

Autofill and Google Password Manager rely in part on the field labels and names chosen by website developers. To prevent accidentally collecting personal data, only obfuscated versions of these are sent by Chrome.

Additional protections are given to specific types of data:

  • Passwords:
    • When you sign in to a site, Chrome can check your password in a privacy-preserving way to know if it's been compromised. This depends on the browser mode and settings that you have on. Learn more about password protections in Chrome.
    • To protect you against phishing attacks, Password Manager matches passwords with the websites that they are meant for, and not sites that look similar.
    • Scrambled strength statistics about your passwords are shared with Google. These allow Chrome to suggest strong passwords that meet the requirements of websites. This data is not tied to your account and is scrambled to prevent information disclosure that could make it easier to guess your password.
    • To protect against unauthorised access to your passwords, when you try to use or manage saved passwords, Chrome may ask to confirm your identity with your Google Account username and password or facial or fingerprint recognition.
    • To keep your saved passwords secure, Chrome uses methods like on-device encryption. These methods depend on your operating system. Details about specific platforms can be found in the Chrome security FAQs.
  • Payment information: Chrome doesn't store full payment information without your permission. For example, if you don’t choose to store a credit card, then Chrome will store the last 4 digits of your card so that it doesn't ask you about the same card again. When you scan your credit card with your phone camera, the information is only stored on your phone. You can also choose to add payment information to Google Pay.
You're in control

By default, autofill and Password Manager are turned on. You can manage autofill and your saved data through your Chrome settings.

You can also delete data like passwords, address and payment information that you use in Chrome.

Important:

  • When you delete your information from Chrome while signed in to your Google Account, it's deleted from your Google Account and all devices where you're signed in.
  • When you delete payment information from Chrome, they aren't deleted from Google Pay. To delete payment information in Google Pay, visit Google Pay.

Tips:

Related resources

Was this helpful?

How can we improve it?
Search
Clear search
Close search
Google apps
Main menu