Friday, November 22, 2024

Google Chrome For Android Users Alerted To ‘No 2FA’ Password Problem

Must read

Clearing your web browser cache and using a password manager are among the top tips for basic security and privacy. Unless you are doing both these things using Google Chrome on the Android mobile platform, it would seem. Until an application update fixes the issue, this version of Chrome defaults to including your saved passwords in the items deleted when clearing your browser data. Chrome for Android users should also be aware that when clearing this data there will be no authentication required before deleting all your passwords.

Who Raised The Chrome For Android Password Deletion Issue?

A user highlighted the problem of Google Password Manager credentials vanishing when clearing browsing data for Android Chrome users in the Google Pixel subreddit, relating their own experience. Happy to move from using a combination of Authy and Bitwarden for authentication and password management to Google Password Manager for a more integrated experience; all was fine until recently.

Noticing the Pixel smartphone’s performance had slowed down, the user cleared the Chrome browser history and cache. They noted that ‘saved passwords’ were among those listed as configured for data to be cleared but didn’t think this related to passwords in the integrated password manager vault. “Cherry on the top,” the user said, “is that Chrome didn’t prompt or request for additional authentication, like a fingerprint, before cleaning out the vault.”

ForbesGoogle’s Pivotal New 2FA Security Update-What You Need To Know

The user in question had to revert to switching back to Bitwarden, which they had not deleted, to regain control of accounts protected by the credentials stored there. Google support had already told them that the passwords could not be retrieved as far as the ones stored on Chrome and deleted were concerned. An Android developer who read the posting then raised the issue on the Google Chromium developer support forums with the title of: To prevent users inadvertently clear all passwords change the UI.

Google’s Response Is That A Fix Is Coming Soon

The posting in the developer support forum included a recommended mitigation to solve the problem of users inadvertently deleting their password vault data: remove the ‘Saved Passwords’ option from the Chrome for Android clear browsing data user interface. Another developer who had also lost passwords with a single click complained that “not forcing two-factor authentication for something like this is crazy to me.”

A Google employee responded by raising the issue with a member of the Chromium team, asking if they should reconsider how the UI works when clearing passwords. The answer was a resounding yes. While acknowledging the removal of the saved passwords item from the toggle list, the Chromium developer did warn that there will be “some product work” before the change can be made and released to general public.

In the meantime, Android users should go and check the Chrome three-dot menu for items listed under the clear browsing data option. Ensure the saved passwords option remains unchecked if you also make use of the integrated Google Password Manager.

ForbesGoogle’s $6 A Month Chrome Security Subscription Is A Thing Now

Latest article