
Google will soon fix a security loophole in Chrome’s password autofill


Mishaal Rahman / Android Authority

TL;DR Google Chrome on Android will let you require biometric authentication before autofilling passwords, adding a much-needed layer of security.

This feature closes a loophole, as the existing biometric protection for autofill in Google Password Manager currently only applies to apps, not the browser.

A newly discovered setting explicitly states this protection is “coming soon to Chrome,” finally preventing password autofill without user verification.

Manually entering passwords is a pain, which is why many people use autofill services bundled with password managers to save time. For better security, you should require biometric authentication before autofilling passwords. This prevents thieves who steal your phone from signing into accounts that aren’t already logged in. Unfortunately, Google Chrome on Android currently autofills passwords without any form of authentication, but that will soon change.

If you use Google Password Manager, you may have noticed the “Authenticate with biometrics before filling passwords” option under Settings > Google > Autofill with Google > Preferences. As its name implies, this setting prevents Google Password Manager from autofilling passwords until you verify your identity with your face or fingerprint. Unfortunately, this protection only applies to apps and doesn’t work in web browsers like Google Chrome, even though Chrome uses the same autofill service by default.


Fortunately, Google is finally addressing this long-standing oversight. Telegram user Micha told us the “Authenticate with biometrics before filling passwords” option has disappeared from their Autofill with Google preferences. Instead, they now see a new “Verify it’s you to autofill passwords” option at the bottom of Google Password Manager’s main settings page. Although the toggle has been relocated and renamed, it provides the same protection. However, its new description contains a promising detail: “For added protection, always use your fingerprint, face, or other screen lock when you sign in using autofill (coming soon to Chrome).” My colleague Hadlee Simons also has this new toggle, so he shared the following screenshot with me:

Hadlee Simons / Android Authority

This description confirms that Chrome will soon require your fingerprint, face, or screen lock to autofill passwords. While it’s unclear whether this single setting will apply to Chrome or if the browser will get its own toggle, this is a much-needed security improvement.
