Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Autofill Through Biometric Authentication Coming to Chrome

Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome.

Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to credit card numbers, Google says.

Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome.

Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to credit card numbers, Google says.

For those users who save credit cards in their Google Accounts, Chrome typically asks for confirmation when autofilling a form.

Until now, users needed to provide their CVC to confirm they allow the operation, but moving forth biometric authentication, such as a fingerprint, can be used for confirmation.

Thus, users will need to provide the CVC only the first time they use the credit card, while for the following transactions the credit card will be confirmed solely through biometrics.

“Biometric authentication is optional. You can choose to confirm your card with its CVC and you can also turn this feature on and off in Chrome Settings at any time,” Google explains.

The Internet giant also explains that Chrome leverages the W3C standard WebAuthn to ensure that users are securely enrolled for biometric authentication and that users should rest assured that their data is safe.

“Biometric information never leaves your device,” the company says.

Advertisement. Scroll to continue reading.

The feature has been rolled out to Windows and Mac and is expected to arrive on Chrome for Android in the coming weeks.

Another feature coming to the Android version of the browser is new touch-to-fill functionality for passwords. Thus, Chrome’s password manager will automatically present the saved accounts for the accessed website, for increased convenience.

“It allows for one-handed sign-in without requiring you to scroll to the respective form fields to choose an account,” Google says.

Using a password manager such as the one integrated in Chrome should also help users avoid phishing attacks, as the technology suggests sign-in options for legitimate sites only, but not for phishing pages.

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Related: Cisco Discloses Details of Chrome, Firefox Vulnerabilities

Related: Tens of Malicious Chrome Extensions Used in Global Surveillance Campaign

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Gain valuable insights from industry professionals who will help guide you through the intricacies of industrial cybersecurity.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...

Compliance

Government agencies in the United States have made progress in the implementation of the DMARC standard in response to a Department of Homeland Security...

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...