Google Chrome on Android is set to receive a significant security upgrade, requiring biometric authentication before autofilling passwords, addressing a current loophole that leaves the Chrome browser vulnerable.
The impending change was brought to light by a Telegram user, Micha, who noticed the disappearance of the “authenticate with biometrics before filling passwords” option from their Autofill with Google preferences. In its place, a new setting titled “Verify it’s you to autofill passwords” has emerged within Google Password Manager’s main settings.
While the relocated and renamed toggle maintains the same protection for apps, its description hints at the upcoming Chrome integration: “For added protection, always use your fingerprint, face, or other screen lock when you sign in using autofill (coming soon to Chrome).” This suggests that Chrome will soon necessitate fingerprint, facial recognition, or screen lock verification before completing password autofills.
The current lack of biometric authentication in Chrome’s password autofill presents a security risk, potentially allowing unauthorized access to accounts if a device is stolen. The planned update aims to mitigate this risk by adding a layer of security that prevents password autofill without user verification.
It remains unclear whether this single setting will govern biometric authentication for both apps and Chrome, or if the browser will receive its own dedicated toggle. Regardless, the introduction of biometric authentication to Chrome’s password autofill is a welcome development.
This security enhancement aligns with a previous report from October, detailing Google Chrome’s intention to block password autofills if a phone is detected as stolen. That feature leverages Android’s Identity Check, mandating biometric authentication when a phone is in an untrusted location. Although the integration of Identity Check into Chrome is still pending, the newly discovered toggle appears to enable broader protection, irrespective of the phone’s location.
The addition of biometric authentication to Chrome’s password autofill signifies Google’s commitment to bolstering security measures and safeguarding user accounts from unauthorized access.
