Google Chrome's password autofill to receive new feature

Martin Brinkmann
Jan 16, 2014
Google Chrome

I do not use the built-in password manager of web browsers that I use or online password managers that are added via browser extensions.

There are several reasons for that: First, I do not like passwords to be stored by programs that have direct contact to the Internet or that may update without being able to prevent that, or introduce features that introduces bugs and possible leaks.

As far as online password managers go, I do not like the idea of my data being stored on a server somewhere where I have no control over it whatsoever. Sure, it is secure and bla bla bla, but it is impossible to proof that without the shadow of a doubt.

Anyway, not the best introduction for a new password manager feature that Google just rolled out to Chromium and Chrome Canary (maybe Dev as well, not sure).

Password domain matching improvements

The new feature is not enabled by default, which means that you need to switch a flag in the browser to enable it. Currently, it is available for Windows, Linux and Android, but not for Mac systems.

What it does? Maybe you have experienced situations where authentication information are stored in the browser, but not displayed to you or automatically filled out. Say, Chrome saved password information for or, and you suddenly find yourself on or a top secret sub-domain on Ghacks.

Because you are on a different sub-domain, Chrome won't suggest to fill out the information directly. The new flag chrome://flags/#password-autofill-public-suffix-domain-matching (Public suffix domain matching for autofill of passwords) changes that.

Once you enable the feature and restart Chrome, you may see account information on pages that are on the same root domain but not on the same sub-domain.

So, if username and password are stored for, the browser will now suggested the same user account on other Facebook sub-domains. It displays the information once you start to type the first letter of the username, and will display the domain it has been saved for.

chrome pass autofill feature

It seems possible to currently match sub-domains with each other, at least on Facebook. So, a saved password for works also on

Closing Words

While the new feature looks like an improvement, as it makes things easier for the user, I'd use the old fashioned way instead and copy paste the username and password on the new site.

It looks to be a feature that could appeal to a lot of users who prefer convenience over security though.


Previous Post: «
Next Post: «


  1. ATooma said on January 17, 2014 at 2:51 pm

    Your reasons not to use built-in password managers is understandable. For me a solution from a respected security company is prefered:

    Maybe a review?!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.