Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

Autofill Through Biometric Authentication Coming to Chrome

Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome.

Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to credit card numbers, Google says.

Google this week announced a series of security and ease-of-use improvements for the Autofill feature in Chrome.

Designed to help users fill in forms in a secure manner, everywhere on the web, Autofill is about to become more secure when it comes to credit card numbers, Google says.

For those users who save credit cards in their Google Accounts, Chrome typically asks for confirmation when autofilling a form.

Until now, users needed to provide their CVC to confirm they allow the operation, but moving forth biometric authentication, such as a fingerprint, can be used for confirmation.

Thus, users will need to provide the CVC only the first time they use the credit card, while for the following transactions the credit card will be confirmed solely through biometrics.

“Biometric authentication is optional. You can choose to confirm your card with its CVC and you can also turn this feature on and off in Chrome Settings at any time,” Google explains.

The Internet giant also explains that Chrome leverages the W3C standard WebAuthn to ensure that users are securely enrolled for biometric authentication and that users should rest assured that their data is safe.

“Biometric information never leaves your device,” the company says.

The feature has been rolled out to Windows and Mac and is expected to arrive on Chrome for Android in the coming weeks.

Another feature coming to the Android version of the browser is new touch-to-fill functionality for passwords. Thus, Chrome’s password manager will automatically present the saved accounts for the accessed website, for increased convenience.

“It allows for one-handed sign-in without requiring you to scroll to the respective form fields to choose an account,” Google says.

Using a password manager such as the one integrated in Chrome should also help users avoid phishing attacks, as the technology suggests sign-in options for legitimate sites only, but not for phishing pages.

Related: Chrome 84 Brings 38 Security Patches, Resumes CSRF Protection Rollout

Related: Cisco Discloses Details of Chrome, Firefox Vulnerabilities

Related: Tens of Malicious Chrome Extensions Used in Global Surveillance Campaign

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Identity & Access

Strata Identity has raised $26 million in a Series B funding round led by Telstra Ventures, with additional investment from Forgepoint Capital, Innovating Capital,...

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Compliance

The three primary drivers for cyber regulations are voter privacy, the economy, and national security – with the complication that the first is often...