At first blush, you may think I’ve lost my mind. Wouldn’t exporting passwords to a text-based CSV file be insecure? Although that may be true, when you want to migrate your passwords from Chrome to a password manager (especially when you have a large number of passwords), the last thing you want to do is rely upon your memory to recall all the URLs, usernames, and passwords. And if you’re migrating away from Chrome–which you might be so inclined to do after reading this piece–you’ll want to export those passwords, such that they can be imported into your password manager of choice.
I’m going to walk you through the process of exporting your password information from Chrome. How you then import that information into your password manager will depend upon the tool you use. Fortunately, many of the better password managers are capable of importing CSV files.
With that said, let’s take care of this.
What you’ll need
You’ll need a working version of Chrome. That’s it. As long as you’ve stored your passwords with that browser, you should be good to.
A word of warning
This exported CSV file stores all your information in plain text. The idea here is to export the file, import it into a password manager, trash the exported CSV file, and then undo the process. If you leave that CSV file on your hard drive, you run the risk of leaving yourself exposed. If you don’t undo Chrome’s ability to export, someone could come along and export the file (more on that danger in a bit). Because of that, it is very important you delete that file after you’ve imported it into your password manager. Or you can always save that file to a USB drive, and then lock that drive up in a safe. Either way you go, make sure to protect that file at all costs.
The first thing to do is enable password exporting. To do that, open Chrome and type chrome://flags/ in the address bar and hit Enter. In the resulting window type Password export in the search field. When the search result appears (Figure A), select Enable from the drop-down.
You will then be prompted to restart Chrome. When Chrome restarts, click on the menu button (three horizontal lines in the upper right corner) and click Settings. In the Settings window, click Advanced and scroll down to Manage passwords. Click the three vertical dots associated with Saved passwords ( Figure B) and then click Export.
When prompted, click the EXPORT PASSWORDS button and save the .CSV file.
You can now import that newly downloaded file into your password manager.
Undoing your work
First off, remember to delete that file or tuck it away for safekeeping. Once you’ve done that, go back to Chrome, type chrome://flags in the address bar, search for Password export, and disable the feature (set to Default). Relaunch Chrome and the feature will no longer be available.
The big caveat
Unfortunately, Chrome no longer allows the browser to use a password for profile locks. Because of this, you might consider deleting Chrome from your desktop, if you are migrating to Firefox for example and aren’t planning on using Google’s browser. Otherwise, someone with the understanding of how to export passwords could gain access to that data by following the above process.
In the end, the last thing you should do is allow Chrome to save your passwords. If you do, and a malicious user has access to your browser, there’s nothing keeping them from exporting your passwords to a file and using them to gain access to your accounts. Lock those passwords away in a password manager, and remove the passwords from chrome (Chrome | Settings | Advanced | Manage Passwords).
Consider this a word of warning.
Subscribe to the Cybersecurity Insider Newsletter
Strengthen your organization's IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices. Delivered Tuesdays and Thursdays