Chrome 70 adds biometric web authentication and shape detection

Something to look forward to: Chrome will finally allow you to use your fingerprint for authentication to websites and online services. It is a step closer towards never having to remember passwords again.

Google just recently launched the Chrome 70 beta with a handful of changes. There is finally support for web authentication using fingerprint readers on Android devices as well as macOS's TouchID.

After adding means to manage user credential in Chrome 51, Chrome 70 will finally enable strong biometric authentication. Notably, only Android devices and macOS laptops are supported for now. Windows devices, iPhones, and iPads are not able to use the new feature yet.

Chrome's Shape Detection API is separated into three different subsystems. Face detection can find the location of eyes, noses, and mouths and return that data with options to maximize speed or performance. A barcode detection function allows for standard labels and QR codes to be identified from images. Text detection can pull Latin-1 text out of images and allow for further processing.

Even though Windows 10 was left out for biometric authentication in Chrome, it is finally receiving support for Web Bluetooth. Android, ChromeOS, and macOS all supported this secure means of allowing websites to communicate with nearby Bluetooth devices since Chrome 56.

Additionally, WebUSB now allows heavy I/O operations and processing of data from USB devices without slowing down the main application. Intensive USB activity is now offloaded to a separate thread.

When browsing in full-screen mode, dialog boxes prompting for payments, authentication, or file selection will cause Chrome to exit full-screen view. This is meant to prevent social engineering attempts designed to trick users into providing information.

Finally, the TLS protocol has been updated to version 1.3 to improve security and efficiency. Fewer round-trips are needed to make secure connections. Some legacy options have been removed to prevent insecure connections appearing to be secured. Additional data presented during the handshake process is now encrypted while keys are less susceptible to being compromised.