Problem:
Google Chrome optionally saves login credentials for web sites. While convenient, in some circumstances this may prove to be a security risk. In particular, if Chrome is signed in to a Google account, credentials will synchronize across all devices running Chrome on that account. If another user has access to one of those devices they may be able to log in automatically with saved credentials they were not intended to have.
Solution:
Chrome’s Settings menu provides a means to remove individual login credentials, or clear all of them entirely.
Procedure:
- Click the Chrome menu button (three vertical dots or lines at the right end of the toolbar).
- Click Settings.
- Scroll down and click the Advanced drop-down.
- Scroll down to “Passwords and forms.”
- Click “Autofill settings” and either turn it off or remove saved addresses and credit cards.
- Click the Back button in the top left, then click “Manage passwords.”
- Either turn the feature off, turn off Auto Sign-in, or remove from the list of saved passwords.
- The list under “Never Saved” is a list of web sites for which Chrome has been told never to save a password. In the future, when signing in to a web site it is safest to instruct Chrome never to save a password for that web site.
Limitations:
Other data (primarily bookmarks) will still be synchronized as long as a Google account is attached to a given instance of Chrome. The account can be signed out using the Chrome settings as well.