Google Chrome Now Warns About Leaked Passwords On Android & iOS
As part of a new update, Google Chrome for Android and iOS alerts you if your saved passwords are compromised. Chrome will also take you to the correct password reset pages for popular websites.
Chrome will check if your passwords are compromised by sending an encrypted copy of your username and password to Google. The company will run it against a list of credentials known to be compromised and let you know if your passwords were part of a security breach.
Your credentials will be encrypted when they’re sent to Google, so the company can’t read your username or password. If a password is compromised, Chrome will guide you to the correct “change password” form through its new “.well known/change-password” URLs. This is a good addition as you’ll directly land on the correct page instead of manually finding the reset page. Google is likely to cover all popular websites with their direct URLs.
The browser is also bringing the Enhanced Safe Browsing to Android, improved password filling for iOS, and mixed form warning to filter non-secure content on otherwise secure pages. Google says that the features are rolling out with Chrome 86.
Enhanced safe browsing was added to the desktop version of Chrome a few months ago, and now it’s coming to Android. If you enable safe browsing, it’ll share real-time data of the sites you’re visiting. This lets Google warn you against any malware on the sites.
For iOS users, Chrome is adding biometric (Face ID/Touch ID) authentication to Chrome Autofill passwords. So if you’re using Google’s autofill for saved passwords, you’ll have to verify yourself first. You can also enable Chrome Autofill in the iPhone’s settings to use it across iOS apps. The feature has been on Android for a while now.
Lastly, Chrome 86 is getting mixed form warnings and download blocking on desktop and Android. The browser will now actively scan for “mixed content,” which means it can identify non-secure forms within secure HTTPS pages. It’ll also block or alert you against mixed downloads, which may be harmful to your device.
Google introduced a similar functionality with its Password Checkup extension for Chrome desktop version. The added support to detect compromised credentials and directly change them is a good initiative. Its an added layer of security, which will make it easier for users to retrieve their accounts rather than lose them altogether.