Chrome 86 Introduce Biometric Authentication For iOS Before Autofilling Password
Password is the first line of defense for our digital lives. Google released Chrome 86 update for Android and iOS that alerts you if your saved passwords are compromised.
To check whether you have any compromised passwords, Chrome sends a copy of your usernames and passwords to Google using a special form of encryption. This lets Google check them against lists of credentials known to be compromised, but Google cannot derive your username or password from this encrypted copy.
Your credentials will be encrypted when they’re sent to Google, so the company can’t read your username or password. If a password is compromised, Chrome will guide you to the correct “change password” form through its new “.well known/change-password” URLs. This is a good addition as you’ll directly land on the correct page instead of manually finding the reset page. Google is likely to cover all popular websites with their direct URLs.
Along with these improvements, Chrome is also bringing Safety Check to mobile which includes checking for compromised passwords, telling you if Safe Browsing is enabled, and whether the version of Chrome you are running is updated with the latest security protections. You will also be able to use Chrome on iOS to autofill saved login details into other apps or browsers.
Chrome 86 is launching a number of additional features to improve user security, including:
Enhanced Safe Browsing for Android
This feature gives chrome users the option of more advanced security protections. When you turn on Enhanced Safe Browsing, Chrome can proactively protect you against phishing, malware, and other dangerous sites by sharing real-time data with Google’s Safe Browsing service.
Improvements to password filling on iOS
For Android Touch-to-fill for passwords feature helps to prevent phishing attacks. Likewise for iOS to improve security, a biometric authentication step before autofilling passwords is introduced.
On iOS, you’ll now be able to authenticate using Face ID, Touch ID, or your phone passcode. Additionally, Chrome Password Manager allows you to autofill saved passwords into iOS apps or browsers if you enable Chrome autofill in Settings.
Mixed form warnings and download blocking
Secure HTTPS pages may sometimes still have non-secure features. To better protect users from these threats, Chrome 86 is introducing mixed form warnings on desktop and Android to alert and warn users before submitting a non-secure form that’s embedded in an HTTPS page.
Additionally, Chrome 86 will block or warn on some insecure downloads initiated by secure pages. Currently, this change affects commonly abused file types, but eventually secure pages will only be able to initiate secure downloads of any type.