This week's news from About Chromebooks, Nov. 20, 2022
Hey Chromies!
Hope my U.S. readers are getting ready to spend some quiet time with the family during the Thanksgiving holiday. For those that don’t celebrate, there’s no reason you can’t slow down and de-stress with your loved ones too!
This week I reported on Google’s Material You feature, coming to Chromebooks. The feature intelligently customizes the look and feel of ChromeOS based on your wallpaper colors. Sweet!
I also have two original pieces to share and they’re important. That’s because they deal with data privacy and security. One is focused on what you can do now to improve these online aspects. The other talks about our future without passwords on Chromebooks and other devices. I hope these are informative and helpful
Also, my regular, weekly goes out to subscribers that bought me a coffee. If you get value from this newsletter and want to say thanks, click the button below. As always, that’s never required but always appreciated.
Cheers,
kct
This week’s most read post on About Chromebooks
ChromeOS 110 adds Material You Chromebook theming
Android 12 brought what Google calls Material You, a theming feature that changes your phone interface colors to complement the background wallpaper colors. We’ve known since June that Material You Chromebook theming is coming. And now we have an idea when thanks to Leopeva64 on Reddit. ChromeOS 110 adds Material You Chromebook theming.
To be clear, this is an experimental, in-progress feature on the ChromeOS 110 Canary Channel. I see the flags to enable it in ChromeOS 109, but they have no functionality. So for everyone running the latest Stable Channel of ChromeOS, you’re looking at around three months before Material You Chromebook theming arrives.
That said, the feature is what you’d expect and looks nice in its early stages.
Here’s an animation of how your new tab page colors and interface change when picking different wallpapers.
As a different wallpaper is chosen the Material You Chromebook theming changes the UI colors to complement or match the background.
Of course, to get this functionality you have to enable the experimental flag at chrome://flags#customize-chrome-color-extraction flag. That’s the secret sauce that analyzes the background colors to create the Material You theming colors.
The chrome://flags#ntp-enable-comprehensive-theming flag appears to be how the theme changes, based on this code.
I’m guessing many Chromebook users have Android phones, so they may already be familiar with Material You. I am not one of those users.
I’m familiar with Material You, of course, but I use an iPhone. So my handset doesn’t have such personalized customization. And I can live with that.
But I do find Material You Chromebook theming to be something I would use. Maybe it’s because I use my laptop far more than my phone? I’m curious to hear from Android users on what they think of Material You. And from general Chromebook users: Is this a feature you’re looking forward to?
4 Chromebook security tips for data privacy and protection
Chromebook security may sound like an oxymoron to some, but it’s a real thing. This morning I read a great checklist on Michael Horowitz’s “Defensive Computing” site and was thrilled to see a section devoted to Chromebooks. Michael’s entire checklist is a recommended read when you have time, regardless of your device or platform choice. There are so many good suggestions here that I decided to surface some of them, along with a few of my own. Here are four Chromebook security tips for improving your data privacy and protection.
Disable Chromebook features you don’t want or need
I’ve pointed out that I’m not a big user of Android apps on my Chromebooks. So I typically disable the Google Play Store until and/or if I need an Android app. That boosts my Chromebook performance. But it can also help limit the amount of personal information you provide to both Google and Android developers, hence the Chromebook security of your data.
To that end, Michael suggests you disable Chromebook and/or Chrome features such as:
Autocomplete searches and URLs
Help improve Chrome’s features and performance
Make searches and browsing better (this sends browser history data to Google)
Enhanced spell check, something I’ve previously covered from a data privacy perspective
Google Drive search suggestions
Google Assistant
Obviously, if you get enough value from these, or other optional features, you probably don’t want to disable them. My suggestion: Consider what you’re giving up in terms of your data compared to that value. Then decide whether to continue using the feature in question or not.
Ethernet over Wi-Fi for Chromebook security
Wireless networking is inherently less secure than the wired type. And yet, I’m betting most Chromebook users (including me!) use Wi-Fi all the time. That’s more due to convenience and the hardware you have. To use a wired connection your Chromebook needs an ethernet port. Most do not, although some of the new cloud-gaming Chromebooks do. That’s for speed and latency more for security though.
If you can work near an ethernet port, it is possible to connect using an ethernet adapter, or even a hub, for that wired connection. This $23 Anker adapter uses USB Type-C and works with a wired connection of up to 1 Gbps.
On a related note, I’d suggest subscribing to a trusted VPN provider for Wi-Fi use. When I switched from Gmail to Proton’s encrypted email service in 2020, I bundled in Proton’s VPN service as well. FWIW, there’s a nice Proton bundle on sale now for Black Friday that’s discounted by 40 percent. It includes Mail and VPN, along with Proton Drive and Calendar. I don’t make a dime if you sign up; I’m just a paying customer that’s very happy with the product.
Boost Chromebook security with a Yubikey
While using a password or PIN to secure your Chromebook is certainly good, a two-factor authentication (2FA) method is better. I’ve used both a Google Titan key as well as a Yubikey with all of my Chromebooks for a few years now. Even if someone knows my Google account credentials, they’re not getting into my Chromebook with this physical key. As an added benefit, these hardware keys can act as a 2FA method for other online credentials. They cost around $30 to $70 and are well worth the extra protection.
How do I know this? When I worked at Google, every employee was issued one of the keys and it was required to use a Chromebook or another computer. No exceptions.
Note that some newer Chromebooks have fingerprint sensors. This adds security as well and some websites do support its use for 2FA. Not enough of them do to make a fingerprint sensor a “must-have” on my Chromebook yet. Still, it’s worth a mention.
Don’t skimp on password security or services
Michael’s checklist has a whole section devoted to smart password usage. It applies not just to Chromebooks of course, and I’m not going to regurgitate it all here.
What I will say is if you’re already looking to limit your data exposure when using a Chromebook, don’t forget the passwords. I decided not to house my own passwords with Google or with Apple after years of doing so. For one thing, they both have enough of my data. For another, this was not a cross-platform solution as I switched between devices.
I researched password managers and there are several. It’s a personal choice so I won’t recommend one over the other. But I will say that I pay for 1Password and don’t regret the fee. I have a Chrome extension to access all of my passwords from a Chromebook and a Safari extension to do the same on an iPhone. I also access 1Password on Windows and Linux through desktop apps.
Got any additional Chromebook security tips or suggestions?
Passkeys on Chromebooks: What you need to know
After sharing Chromebook security tips yesterday, I have a timely follow-up today. Passkeys on Chromebooks are coming and this solution will greatly reduce, if not get rid of, having to type passwords. It’s not specific to ChromeOS or Chromebooks, but I thought to share information in this context.
What are Passkeys?
As I understand it, Passkeys are digitally encrypted credentials tied to an app or web account. There’s a hint of two-factor authentication (2FA) as you can use a second device for authentication, although it’s not required. Passkeys for Chromebooks, for example, can be stored in the Google Password Manager. When prompted to sign in to a web app on your Chromebook then, you can use your Google password, your Chromebook PIN, or even biometrics to authenticate the Passkey.
The latter action makes me happy because I’ve said for a while that fingerprint sensors on Chromebooks need to do more. They should support Passkeys for Chromebooks.
With Passkeys, you don’t need to know a password. Instead, credentials are stored in some central location or on a device along with the public and private encryption keys. When you log in with a Passkey, both the requesting service and you have the public encryption keys for authorization. But only you have the private keys for the credentials. Passkey solutions verify that you do have the private keys, and if so, authorize your session.
Here’s how Google describes Passkeys, in a developer post from last month:
A passkey is a digital credential, tied to a user account and a website or application. Passkeys allow users to authenticate without having to enter a username, password, or provide any additional authentication factor. This technology aims to replace legacy authentication mechanisms such as passwords.
When a user wants to sign in to a service that uses passkeys, their browser or operating system will help them select and use the right passkey. The experience is similar to how saved passwords work today. To make sure only the rightful owner can use a passkey, the system will ask them to unlock their device. This may be performed with a biometric sensor (such as a fingerprint or facial recognition), PIN, or pattern.
How Passkeys on Chromebooks will work
Instead of traditional passwords then, Passkeys are like approved authentication tokens. Like passwords, you’ll have to set up a Passkey for each app or service you use. But there’s no “choosing” a combination of alphanumeric and special characters. No password length requirement. And no need to remember a password. So there’s no need to type any passwords, either.
This video demonstration illustrates the use of an Android phone using Passkeys for secure application and website authentication:
For most people, Passkeys on Chromebooks will likely be stored in the Google Password Manager. When prompted for a Passkey on your Chromebook, this native solution should prompt you to “use” the stored Passkey. Or, to be a little more cautious, you can use a supported phone to approve the request. But I think many will appreciate the convenience factor of the built-in support for Passkeys in the Chrome browser.
If you’re like me and use a third-party password manager with a Chromebook, you’re in luck. This is an industry-wide movement so it’s being adopted by several password manager services. In my case, that’s 1Password, which created a Passkey demo you can try out here. There’s also a great explainer video on how Passkeys work at that link.
When will Passkeys on Chromebooks arrive?
Google last month introduced Passkey support for both Android and Chrome. By extension, that means Passkeys on Chromebooks are already here; at least for sites and services that support them. Developers have to implement Passkeys using the WebAuthn API to add support.
In fact, you may have seen this web authentication dialog box when signing in to a website on your Chromebook. Here it is to the right. This is Google’s implementation for the user experience. Not shown is a QR code to set up a Passkey from your supported phone.
So in a sense, Passkeys on Chromebooks are already here. It’s just a matter of time for web services and apps to add support. I, for one, can’t wait until they all do. Heck, I might even buy a Chromebook with a fingerprint sensor just to celebrate that day!
That’s all for this week!
Behing a short “work” week — I actually work everyday, but hey! — I may not send a newsletter next Sunday. I’m playing it by ear so if you don’t see one, you’ll know I disconnected from the Matrix to recharge my batteries.
I sincerely hope you all find some time to do the same.
Until next time,
Keep on Chromebookin!
Thanks for your advice on chromebook security. I have a new Chromebook running Chromeos 107, but there is no option to disable or turn off Google Play Store, the only option is to uninstall it, which for obvious reasons I don't want to do. So am I stuck with it always enabled?