Chrome can now store your driver's license and passport, but is that safe?
Google is rolling out an enhanced autofill feature in Chrome that allows users to store and automatically fill in more sensitive data, including driver’s license numbers, passport numbers, and vehicle information. While basic autofill has been available for some time, this new version expands the scope to handle more complex forms and formatting requirements. Users will need to manually enable the feature in Chrome’s settings under “Autofill and passwords” and then toggle on “Enhanced autofill”.
Google claims the enhanced autofill is designed to be private and secure, stating that Chrome will save this data only with user permission and protect it through encryption. Chrome also requires confirmation before filling in saved information. However, security experts caution that no browser feature is perfectly safe, as it must eventually place real numbers into a form, leaving room for potential misuse by malicious sites.
The practical safety of this feature hinges on several factors, including device lock strength, Google account security, installed extensions, and the ability to spot phishing pages. Potential risks include lookalike sites, extra fields on forms designed to capture more information than expected, overprivileged extensions, and unauthorized access to unlocked Chrome profiles.
To mitigate these risks, users should keep their operating systems and Chrome updated, use two-factor authentication or passkeys for their Google accounts, and set up a Chrome sync passphrase to encrypt sensitive autofill data end-to-end. Additional recommendations include storing only necessary data, avoiding autofill on shared devices, verifying the security of websites (HTTPS), and reviewing browser extensions.
As an alternative to Chrome’s enhanced autofill, security experts suggest using a password manager to store sensitive data for online forms. Password managers are designed with the necessary security protections to safeguard autofill information, potentially reducing the risk of a compromised email account leading to the exposure of personal documents.
To read the complete article see: Zdnet Article