It's been a couple of years since the Autofill API was added to Android and you've been able to use Google or other password managers to fill in your credentials and log in to apps. However, while most third-party password apps require you to verify your identity before releasing your details to another app, Google's autofill just surrendered those details willy-nilly as long as your phone was unlocked. That's not so secure. A recent change to Play Services fixes that by letting you require an on-the-spot authentication before Google autofills the data fields.
The change seems to have rolled out in a recent version of Play Services. Our tipster saw it with v20.33.13 (APK Mirror), but I have it in v20.26.14 too, which is a month old. Another device on that same old version doesn't have it, so it's likely a server-side.
Regardless of how the feature gets activated, you'll find it when you head to Settings > Google > Autofill > Autofill with Google. A new Autofill Security menu should be there, with a single Credentials toggle inside.
Turn that on, and make sure you're using Google's autofill service (Settings > System > Languages & Input > Autofill service and pick Google).
Now, when you're using any app that calls on autofill to enter your passwords, payment methods, addresses, or other personal information associated and saved on your Google account, you'll be asked to verify your identity. On Android 10 devices and above, that means either using fingerprint, face, or retina authentication.
Here is a video showing off how quickly it works with face unlock on the Pixel 4. Blink and you'll miss it.
This new feature was discovered by XDA Developers in a teardown of Play Services in January, but it wasn't live then. It sure took its time to show up for users. As always with server-side updates, there's no guarantee for a way to get the option, but an update to the latest v20.33.13 beta (APK Mirror) might raise your odds a bit.
- Nick Cipriani