Google Chrome enterprise admins will soon get a new policy to force custom sync passphrases. The feature was requested in 2017. We found a code change request today which shows the team working on this feature.
Custom Sync Passphrase
Sync passphrase is an optional encryption feature for Chromesync. When you login to Chrome allow it to store and sync all your passwords and bookmarks etc, this feature provides an additional layer of security.
There are two ways of setting up a passphrase. You can either choose to use your own Google account password as your passphrase. The second option is to use a custom word, just like you use a password.
The new enterprise policy that we are discussing today, will allow admins to limit this into just one option, custom passphrase. This is applicable only to enterprise customers, and not regular customers. Here is the feature request:
Feature request to add a policy which allows admins to force their users to enter their own pass phrase and disable the option to sync passwords with Google credentials. This would need to occur at the time of initial Chrome sign-in and force users to chrome://settings/syncSetup if the policy is applied to an existing user.
Now, here is the code change implementing this feature:
Add pref for enforcing custom sync passphrase
Add a pref and a policy key which can be used by enterprise management
to require users to create a custom passphrase to sync their data.
Now, if you are a enterprise Chrome / Chrome OS admin, please drop me a comment, to help me understand the uses of this feature! I believe that a custom passphrase will be a good idea, however, I want to hear expert opinions.