Skip to content
A MODEST STEP FORWARD

Google Password Manager finally syncs to iOS—here’s how

Chrome for iOS no longer syncs solely to iCloud.

Dan Goodin | 38
The Google Password Manager logo Credit: Google
The Google Password Manager logo Credit: Google

Late last year, I published a long post that criticized the user unfriendliness of passkeys, the industry-wide alternative to logging in with passwords. A chief complaint was that passkey implementations tend to lock users into whatever platform they used to create the credential.

An example: When using Chrome on an iPhone, passkeys were saved to iCloud. When using Chrome on other platforms, passkeys were saved to a user’s Google profile. That meant passkeys created for Chrome on, say, Windows, wouldn’t sync to iCloud. Passkeys created in iCloud wouldn’t sync with a Google account.

GPM and iOS finally play nice together

That headache is finally over. Chrome on all platforms now uses the Google Password Manager, a tool built into Chrome, to seamlessly sync keys. GPM, as it’s abbreviated, will sync passkeys to all Chrome browsers logged in to the same user account. I’ve spent a few days testing the new capabilities, and they mostly work hassle free. The tool can be accessed by opening this link in Chrome.

Ars Video

 

GPM allows me to log in to passkey-protected accounts not just in Chrome, but also in standalone iOS apps such as those from Kayak, eBay, or LinkedIn. When creating a passkey in a standalone app, I now get the option to sync it through either GPM or iCloud. That means the same passkeys I created on Chrome for Android, Windows, or macOS work out of the box on my iOS apps. These passkeys are synced using end-to-end encryption, as mandated by the FIDO specification, which is maintained by the FIDO Alliance.

Creating a passkey on the Kayak app and syncing with GPM.
Creating a passkey on the Kayak app and syncing with GPM.
Using GPM to log in to the LinkedIn app for iOS.
Using GPM to log in to the LinkedIn app for iOS.
When saving a passkey, Chrome allows users to choose where to sync it.
When saving a passkey, Chrome allows users to choose where to sync it.
Creating a passkey for Kayak.
Creating a passkey for Kayak.

The first step to using GPM on iOS is to enable it in the iOS settings menu, specifically, Settings > General > Autofill & Passwords, and then flip on the Chrome option. The next time Chrome is invoked to work with a passkey, the user will be prompted for a PIN. Those already using a Pixel can enter the unlock code for that device. Those without a Pixel will have to select a PIN.

“If the first passkey for Google Password Manager is created on desktop, Chrome asks to create a Google Password Manager PIN and it will be used,” a Google tutorial explains. “The user needs to sign in to their Google Account and enter their Android device screen lock or Google Password Manager PIN to decrypt a synced passkey on a new environment.”

There’s no lock in with GPM. I configured an iPhone to autofill from both Apple Passwords, the new interface for working with iCloud Passwords, and Chrome. From then on, I got the option to use either when saving passkeys in both Chrome or in standalone apps.

GPM provides a modest step forward in simplifying passkey storage and syncing. Third-party apps such as 1Password and Dashlane have already provided this level of convenience. Unfortunately, there are still no ways to transfer passkeys in bulk from one app to another. This is a major shortcoming, since GPM, Apple Passwords, and most other password managers already allow passwords to be imported or exported, making it easy to move from one to another. The FIDO Alliance says passkey transfer capabilities are in the works.

Photo of Dan Goodin
Dan Goodin Senior Security Editor
Dan Goodin is Senior Security Editor at Ars Technica, where he oversees coverage of malware, computer espionage, botnets, hardware hacking, encryption, and passwords. In his spare time, he enjoys gardening, cooking, and following the independent music scene. Dan is based in San Francisco. Follow him at here on Mastodon and here on Bluesky. Contact him on Signal at DanArs.82.
38 Comments
Prev story
Next story