Chrome now can find hacked passwords on Android and iPhones

A Google Chrome sticker

Version 86 of Google’s Chrome web browser adds new security options on smartphones.

Stephen Shankland/CNET

Chrome running on your smartphone now can check whether your passwords have been hacked. The feature previously worked on personal computers, but now works on Apple iPhones and devices powered by Google’s Android, the company said Tuesday.

The feature sends usernames and passwords to Google servers to check if they’ve been compromised in known data breaches. Google itself can’t see your usernames or passwords, though, only check if they match ones that have been compromised.

Google’s password check, which arrives Tuesday with the release of Chrome 86, only works if you use Chrome to store your passwords. But the idea also is built into third-party password managers like 1Password and browsers like Mozilla Firefox, Apple Safari and Microsoft Edge.

Chrome dominates browser usage, and other browsers like Brave, Samsung Internet, Opera and Vivaldi are built with Google’s open-source Chromium browser engine.

That usage means Google has outsized influence over the web. Google is moving as fast as possible to make the web a vibrant competitor to Google’s Android and Apple’s iOS. But Google’s browser push conflicts with Apple’s priorities, raising tensions in the tech industry and among developers.

One area where Google and Apple get along is with a new feature designed to make it easier for people to change passwords. The feature, created by Apple engineers, makes it possible for software like browsers or password managers to find a website’s address for changing passwords. Google now supports it in Chrome 86.

Chrome 86 on iOS also adds support for a protection that Chrome for Android already has, a “touch to fill” biometric authentication step needed before the browser autofills your usernames and passwords into a website.

And the new browser adds to Android devices a Google option called Enhanced Safe Browsing designed to cut down on phishing attacks to steal your username and password credentials or other sensitive information.

If you enable it, it’ll send real-time browsing data to Google if you’re logged in. That lets Google catch fast-acting attacks that could evade Chrome’s ordinary list of blocked websites that’s updated every 30 minutes. It also lets Google check for related security problems with other services like Gmail and Google Workspace, the new name for Google’s G Suite productivity tools.

Source Article