Google Chrome for iOS and Android will check if newly saved passwords have been compromised
Google Chrome is one of the most popular browsers around for both desktop and mobile devices, hovering around at 65% market share at any point in time. Chrome has a lot of focus on user security, and one of the newest features arriving to the browser on Android and iOS is the ability to spot compromised passwords within passwords saved on Chrome, and then offer users advice on how to fix them.
Improved Password Security
Google is rolling out improved password security on Google Chrome for Android and for iOS devices, promoting the same feature that we have seen previously in the Canary branch. The browser already offers the ability to save your passwords in an encrypted format. Google will now leverage this feature to offer the ability to crosscheck saved credentials against lists of credentials that are known to be compromised. Google claims that usernames and passwords are sent to the company using a special form of encryption, so even Google cannot derive your username or password from this encrypted copy. Once a compromised password has been spotted, Chrome will offer users an option to directly go to the right “change password” form.
Other improvements coming in Google Chrome 86
While compromised password checking rolls out today, Google also has a few more security-focused improvements in store for Chrome 86 release:
- Chrome’s Safety Check feature will also be coming to mobile, making it easier for users to check for compromised passwords, enabling Safe Browsing, and checking whether the version of Chrome the user is running is up to date or not.
- Chrome on iOS will also get the ability to autofill saved login details into other apps and browsers. This will be preceded with biometric authentication.
- Enhanced Safe Browsing will be making its way to Android. Users can choose to be proactively protected against phishing, malware, and other dangerous sites by sharing real-time data with Google’s Safe Browsing service.
- Mixed form warnings are coming to desktop and Android, warning users before submitting a non-secure form that is embedded in an HTTPS page. It will also block or warn on insecure downloads initiated by secure pages, but limiting itself currently to commonly abused file types. In the future, secure pages will only be able to initiate secure downloads of any type.