Google tests biometric authentication for Android auto-fill – Naked Security

Google is testing a feature to make Android’s built-in password manager more secure, according to online detectives who have selected their software. The update, still under development, refers to the autocomplete function of the mobile operating system.

In the past, entering passwords on websites and applications on your mobile phone was a big problem due to the way mobile operating systems blocked applications. In the old days, using a password manager like 1Password or Dashlane on an Android device was difficult, because there was no built-in support to connect them to other applications and websites so they could automatically complete their credentials for you.

Instead, they would use the accessibility settings of Android as a bridge for other applications, but it didn’t work perfectly and, to begin with, you had to configure it manually. The alternative was even worse: open the password manager, search for the password and then copy and paste it into the application or site you were accessing.

The answer came in the form of autocomplete, which allows the mobile operating system to complete the password of a trusted list. Google introduced this feature on Android 8 (with the code name of Oreo) in August 2017. You can use it to take autocomplete entries from third-party password managers, or if you want to keep everything in your Google account, you can use autocomplete with Google’s own password management service.

The problem with the autocomplete feature when using Google password manager is that it does not request any additional authorization. Touch the part of the form to complete your own credentials, and collect the Google password manager data and paste it without verifying who you are. That means that if someone else takes your phone while you are distracted, they could log in like you.


Leave a Reply

Your email address will not be published. Required fields are marked *