Google Chrome password manager gets new safeguards for your credentials


Google Chrome is getting new security-enhancing features for the built-in Password Manager, making it easier for users to manage their passwords and stay safe from account hijacking attacks.

The Chrome Password Manager is an integrated part of Google’s services that can manage and autofill credentials on the Chrome browser and other Google software products, syncing the login information across all apps used by the same Google Account.

Although storing account credentials on the web browser makes them susceptible to theft and decryption from information-stealers (malware), users following sound security practices can enjoy the convenience of Google Password Manager with minimal concern.

Today, Google announced five new and already available features that further empower the security of data stored in its Password Manager and set safeguards that protect users from exposure to risks.

The first new feature is the addition of a dedicated desktop shortcut for Google Password Manager, allowing users to quickly access and manage all their stored account credentials, modify autofill settings, and more.

Stored passwords management
Stored passwords management (Google)

The second addition is the introduction of biometric authentication on the desktop, which has so far been available only on mobile platforms.

This will enable users to set an extra layer of security by requiring additional biometric or Windows Hello authentication, such as fingerprints or facial recognition, before the password manager will auto-fill a site’s credentials.

Biometric authentication prompt
Biometric authentication prompt (Google)

Another new “quality of life” feature is the ability to save custom notes with each of your saved logins, allowing you to save other information required to log in to an account.

For example, some websites require additional information to log in, such as security questions or PINs, which can now be saved in the notes.

Custom note under a saved login
Custom note under a saved login (Google)

The fourth feature promoted by Google is the ability to import passwords from other password managers, which can now be done by exporting a CVS file from the old tool and importing it on Chrome.

Google Chrome currently supports importing passwords from Edge, Safari, 1Password, Bitwarden, Dashlane, and LastPass.

Importing the CVS file from Chrome's settings menu
Importing the CVS file from Chrome’s settings menu (Google)

Finally, the Password Checkup tool that alerts users when their account credentials match known to be exposed passwords will now flag weak and reused passwords, too, on the mobile Chrome iOS app.

Enhanced Password Checkup on iOS
Enhanced Password Checkup on iOS
​​​​​​​(Google)

It should be noted that storing passwords in your web browser brings additional risk, as these credentials are commonly sought and stolen by information-stealing malware.

These malware infections will scan for installed browsers, access the browser’s database, and steals these credentials for further attacks or to be sold on dark web markets.

However, even with these risks, many people continue to use their browser to store credentials due to its ease of use, and in many cases, the constant prompts to save passwords.

Therefore, any enhancements to the security of Google Password Manager are welcomed and poised to improve the safety of millions of accounts.



Source link