Natively Autofill Passwords in iOS
Another big benefit to the latest Chrome update? Improvements on how passwords are filled in iOS. If the users enable this ability, they’ll be able to autofill their saved passwords when needed (with an additional biometric unlock required to keep everything secure).
Android users already had this ability, as the Chrome blog post announcing the updates noted:
“We recently launched Touch-to-fill for passwords on Android to prevent phishing attacks. To improve security on iOS too, we’re introducing a biometric authentication step before autofilling passwords. On iOS, you’ll now be able to authenticate using Face ID, Touch ID, or your phone passcode. Additionally, Chrome Password Manager allows you to autofill saved passwords into iOS apps or browsers if you enable Chrome autofill in Settings.”
It’s a nice security feature that also makes life a little easier for users, and comes as part of Chrome’s Safety Check feature set on iOS and Android. In addition to flagging compromised passwords, these features will confirm if Safe Browsing is enabled, and let users know if their Chrome version has the most recent security updates.
Enhanced Safe Browsing
Another Chrome 86 update is one that debuted earlier this year: Enhanced Safe Browsing.
Once turned on, this feature checks users’ visited webpages to verify if they’re potentially phishing, offering malware, or are otherwise unsecured. These predictive phishing measures have already helped drop the number of users inputting passwords in phishing sites by around 20%.
Block Downloads From Less Secure HTTPS Pages
The “S” in HTTPS stands for “secure,” so you could be forgiven for thinking that those pages are themselves secure. But some are more secure than others: Some HTTPS pages can include forms or downloads that operate using the less-secure HTTP protocol.
With its new update, Chrome will block downloads that are over unsecured links, even when on an HTTPS page. At the moment, they’re only blocking “commonly abused file types,” but they plan to roll out additional file types soon.
Coming Soon: Get Warnings for HTTP forms on HTTPS Pages
Chrome also has plans to warn users when it spots a potentially unsafe form, even on an HTTPS webpage. Termed “Mixed form warnings,” the ability isn’t actually out with Chrome 86. Instead, it’ll be arriving with Chrome 87.
First, they’ll flag it with red text underneath the form, saying “This form is not secure. Autofill has been turned off.”
Then, if you choose to go ahead, they’ll offer another warning, a confirmation page that notes, “The information you’re about to submit is not secure” and requires you to click a “Send anyway” button in order to confirm that Chrome has washed its hands of the matter.
That’s it for Chrome’s new security offerings, though there are other noteworthy Chrome 86 updates.
The Chrome OS will be tweaking its icons to make them more uniform, Chrome for Android will get a new overflow menu, and background tabs that haven’t been used for five minutes will now see their CPU time throttled to a max of 1%.
Additional security tips
Password managers can still offer more security features than Chrome, even with this update. We’d recommend 1Password for the ease of use and fine-tuned controls — you can check out our complete review here and try it out for free over here.