To maintain secure password management practices in accordance with RPI IT policies you should not store institutional passwords in personal Chrome profiles, in particular your RCS password and any application passwords with access to RPI sensitive data.

Risks of Storing Institutional Passwords in Personal Chrome Profiles

• Lack of centralized control: IT cannot manage or revoke access to personal Chrome profiles.
• Device syncing: Passwords may sync to personal devices, increasing exposure.
• Mixed use: Users may save institutional credentials in personal accounts by mistake.
• No enterprise-grade security: Chrome Password Manager lacks auditing and access control.
• Credential theft: If a personal Google account is compromised, institutional credentials may be exposed.
• Compliance violations:  FERPA, HIPAA, and institutional data policies.

To protect institutional data, ensure compliance, and maintain a secure computing environment, it is essential to separate personal and RPI business IT usage. This includes how users manage Chrome profiles and accounts:

• Do not log into Chrome with your RPI account on personal devices
• Create and use a dedicated Chrome profile for your RPI account.  
• If you must access a personal account on an RPI device (or vice versa), use Chrome’s Guest Mode to avoid cross-contamination of data.

Passwordless authentication is a secure alternative.  RPI's Single Sign-On systems supports passkeys as an alternative to password-based authentication.  For more information visit ITSSC (must be logged in).

Report any suspected credential compromise to ITSSC immediately.