2.6.1 Ensure 'Enable saving passwords to the password manager' is Explicitly Configured

Information

Google Chrome has a built-in password manager to store passwords for users. Chrome will use local authentication to allow users to gain access to these passwords.

The recommended state for this setting is: Explicitly set to Enabled (1) or Disabled (0) based on the organization's needs.

NOTE: If you choose to Enable this setting, please review Disable synchronization of data with Google and ensure this setting is configured to meet organizational requirements.

Rationale:

The Google Chrome password manager is Enabled by default and each organization should review and determine if they want to allow users to store passwords in the Browser. If another solution is used instead of the built in Chrome option then an organization should configure the setting to Disabled.

Impact:

Organizationally dependent.

Solution

To establish the recommended configuration via Group Policy, configure the following setting to meet organizational requirements:

Computer Configuration\Polices\Administrative Templates\Google\Google Chrome\Password manager\Enable saving passwords to the password manager

Default Value:

Unset (Same as Enabled, but user can change)

See Also

https://workbench.cisecurity.org/benchmarks/8691

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-8, CSCv7|4.8

Plugin: Windows

Control ID: e8d92d7b60e96e4bc5970df0053e4a32483a7475c6d92e55bc75018304b69cd1