Google Chrome’s password autofill to receive new feature

Advertisement

I do not use the built-in password manager of web browsers that I use or online password managers that are added via browser extensions.

There are several reasons for that: First, I do not like passwords to be stored by programs that have direct contact to the Internet or that may update without being able to prevent that, or introduce features that introduces bugs and possible leaks.

As far as online password managers go, I do not like the idea of my data being stored on a server somewhere where I have no control over it whatsoever. Sure, it is secure and bla bla bla, but it is impossible to proof that without the shadow of a doubt.

Anyway, not the best introduction for a new password manager feature that Google just rolled out to Chromium and Chrome Canary (maybe Dev as well, not sure).

Password domain matching improvements

The new feature is not enabled by default, which means that you need to switch a flag in the browser to enable it. Currently, it is available for Windows, Linux and Android, but not for Mac systems.

What it does? Maybe you have experienced situations where authentication information are stored in the browser, but not displayed to you or automatically filled out. Say, Chrome saved password information for http://www.facebook.com/ or http://www.ghacks.net/, and you suddenly find yourself on http://m.facebook.com/ or a top secret sub-domain on Ghacks.

Because you are on a different sub-domain, Chrome won't suggest to fill out the information directly. The new flag chrome://flags/#password-autofill-public-suffix-domain-matching (Public suffix domain matching for autofill of passwords) changes that.

Once you enable the feature and restart Chrome, you may see account information on pages that are on the same root domain but not on the same sub-domain.

So, if username and password are stored for www.facebook.com, the browser will now suggested the same user account on other Facebook sub-domains. It displays the information once you start to type the first letter of the username, and will display the domain it has been saved for.

chrome pass autofill feature

It seems possible to currently match sub-domains with each other, at least on Facebook. So, a saved password for http://m.facebook.com/ works also on http://touch.facebook.com/.

Closing Words

While the new feature looks like an improvement, as it makes things easier for the user, I'd use the old fashioned way instead and copy paste the username and password on the new site.

It looks to be a feature that could appeal to a lot of users who prefer convenience over security though.

Please share this article

facebooktwittergoogle_plusredditlinkedinmail

Advertisement

Responses to Google Chrome’s password autofill to receive new feature

  1. ATooma January 17, 2014 at 2:51 pm #

    Your reasons not to use built-in password managers is understandable. For me a solution from a respected security company is prefered:

    http://www.f-secure.com/en/web/home_global/key

    Maybe a review?!

Leave a Reply