Google To Tighten Android Security For Password, Payment Autofills

google-android-autofill-biometrics

Looking to tighten up security, Google is exploring adding biometric scans for password and payments to its Android Autofill options.

The move, according to Android Central, will attempt to address concerns that Google’s password protection has often been less secure than it could be.

For example, when one uses Google Autofill, a prompt to fill in the saved password simply appears without any kind of authentication that would only let the user log in.

This is in contrast to services like 1Password, which uses biometric checks before letting a user log in automatically.

Google is looking at partnering its autofill service with BiometricPrompt API. That will have the effect of letting users verify their identity with a fingerprint, iris or facial image before letting them log in.

A screenshot provided by Mishaal Rahman with XDA Developers shows that the proposed service would give users the options of whether to use the biometrics, being able to switch them on or off for both payment info and credentials separately, giving users the ability to customize their privacy settings.

Password managers, which often let you save a password so you don’t forget it, have proven safer than keeping your passwords on a piece of paper in a drawer somewhere.

Last year, Microsoft announced Windows Hello, which will completely replace passwords in favor of biometric identification like facial recognition, a smartphone or an external authenticator.

Windows Hello was one of several moves toward a password-less future, with other browsers like Mozilla Firefox, Opera and Google Chrome adopting support for WebAuthn, which is a key standard for authentication allowing users to utilize encryption to protect their data – essentially, a JavaScript code autofill used as a middleman between a user and a site.

But although the possibilities for biometric tech for Android Autofill are developing, AndroidCentral said the information wasn’t verified on when, or if, it would be available to the public.