Google to Fix Chrome’s Critical Password Security Loophole Soon
Autofill services make filling out passwords simpler. It’s also a good idea to have biometric authentication for better security. This prevents thieves from automatically signing into accounts. Considering Chrome maintains a strong lead among web browsers, it’s a shame that it doesn’t already offer any form of biometric authentication for password autofills. However, there seems to be a positive development now, as Google is working to fix this security loophole in Chrome.
Chrome’s autofill option may soon get biometric authentication
Google Password Manager currently has an “Authenticate with biometric before filling passwords” option in the Autofill preferences. As the name suggests, this is a setting that prevents Google Password Manager from autofilling passwords until the user verifies their identity with a fingerprint or a face. However, this only works for apps and not the Chrome web browser itself.
Google looks to have realized this grave security loophole in the Chrome browser and will fix it soon. A Telegram user, Micha, reportedly told Android Authority that the “authenticate with biometrics before filling passwords” option is missing. Instead, there’s a new “Verify it’s you to autofill passwords” option at the bottom of Google Password Manager’s main settings page. While the toggle’s position and name are different, it offers the same protection. The difference is that now even the browser will require your biometrics to access your passwords.
Google recommends a fingerprint, face, or other screen lock for authentication
Google, in the description, recommends users use their fingerprint, face, or other screen lock when they sign in using autofill (coming soon to Chrome). This confirms that biometric authentication will extend to Chrome shortly.
Back in October, it was reported that Google Chrome wouldn’t allow password autofills if your phone is stolen. This is based on Android’s Identity Check feature, which makes biometric authentication mandatory when the phone is in an untrusted location. However, this feature is yet to be implemented.
