Google Chrome: password protection on mobile, display of the domain name only on computer
The time of the deployment of version 86 of the Google Chrome browser has sounded and it places a heavy emphasis on security.
On smartphones (Android and iOS), version 86 of Google Chrome in turn benefits from password verification which was already available on a computer. As a reminder, this is to determine whether the saved passwords have been compromised and are part of data breaches that have appeared online.
Chrome sends an encrypted copy of the credentials to Google for confrontation with lists of identifiers to the known compromise. Everything is done without Google being able to see the username and password. If applicable, Chrome will direct to the appropriate password change form.
Introducing new ways to stay secure in #Chrome on mobile:
☑️ Safety check, including checks for compromised passwords on Android & iOS
? Enhanced Safe Browsing on @Android
? Biometric password authentication on iOS
Rolling out with our latest version: https://t.co/smZejbhUVA pic.twitter.com/9EaAeddb3S
– Chrome (@googlechrome) October 6, 2020
Already known on computers, the option of secure browsing with enhanced protection is available on Android. Google boasts proactive protection against phishing, malware and other dangerous sites by sharing data in real time with its Safe Browsing service.
On iOS, Chrome version 86 adds support the touch-to-fill functionality which invites the automatic filling of saved passwords by detecting the sites visited by the user. It was already topical on Android and with the introduction of biometric authentication beforehand (Face ID and Touch ID).
As expected, Chrome 86 introduces on computer and Android warnings related to insecure online forms on pages that use the HTTPS protocol. A mixed content issue.
Until Chromme 88, the gradual blocking of downloads from insecure sources that are initiated from secure pages continues to come into play. action.
Also note the practice of the fact that computer users will see in the address bar the only domain name of a URL (name of primary and second-level domain) rather than the full URL. This measure aims to fight against scams and phishing via URL manipulation to deceive the user.
Among other points to highlight, new signage for indicate more clearly that the browser must be restarted in order to apply an update.