Android 6.0 comes with lots of new features and one of those is Smart Passwords. What does Smart Passwords do? Well it takes your passwords and syncs them to your Google Account so you never ever lose them again, ever. It sounds great, right? Google will have all your passwords and everything you use requires a Google account. It’s basically a version of ‘One Ring to rule them all’ that fits our world. The feature unfortunately is turned on by default when you upgrade to Android 6.0. In Android Lollipop a similar feature existed that saved your Wi-Fi password to your Google account. With Android 6.0 it takes things further and stores passwords entered in apps and websites. If that alarms you, here’s where you can turn the Smart Passwords off.
Open the Settings app and scroll down to where you see Google. Do not go to Accounts and tap Google there. In the Personal section of settings, there is a dedicated setting for Google and that’s where you need to go. Inside, you will see all sorts of information that is synced to your Google account. Scroll down to the very bottom of the screen and tap ‘Smart Lock for Passwords’.
There are two options here; the Smart Lock for Passwords saves your passwords for both websites and apps that you’ve signed into to your Google account. This is what you need to turn off to stop passwords from being saved to your Google account.
The Auto sign-in option will allow other apps to use login credentials saved to your Google account to log you in. For example, if you have Facebook installed on your device and you download an app that requires Facebook login, the app will go ahead and use your Facebook credentials and log you right in. You may be redirected when it asks for permission to access information on your Facebook account but if it doesn’t require information and only needs to authenticate you, it’s likely you won’t know it’s done that until you’re already using the app.
The auto sign-in feature sounds scary but it isn’t if you compare it to the Smart Password feature. Auto sign-in relies on APIs that developers will integrate in their apps. Authentication will take place via APIs so what you essentially have to worry about is downloading and installing an app that might be malicious (and those do exist in the Google Play Store) and likely to misuse this feature.
If you do decide to use the feature, it comes with a nice white-list that you can populate with apps you want to exclude from the Smart Password feature. Excluding an app will mean its password is not saved to your Google account.