Sometimes better is still not good enough. And so it is with the latest Chrome update to be confirmed by Google. This fixes a glaring security vulnerability, but it’s still not recommended. With the mobile threat landscape worsening, here’s what you should do.

The “much-needed fix” spotted by Android Authority adds “biometric authentication before autofilling passwords.” This is already available in apps but not websites. That now changes, “finally preventing password autofill without user verification.”

ForbesGoogle Confirms Gmail Warning—Most Users Must Upgrade AccountsBy Zak Doffman

But the inherent problem with Google’s Password Manager is that it’s built into its Chrome browser. And whatever password manager you use — and you should use one, it shouldn’t be built into any browser, whether Chrome, Edge or something else.

If you are using Google’s Chrome password manager, TechRadar says “you should reconsider.” Despite its convenience, “there are significant downsides you can’t ignore.” Above all, it takes a convenience-first rather than a security-first approach. This also means less extensive protections against autofill attacks in general.

As I reported last month, the Freedom of the Press Foundation, PC Mag and Android Police all advocate using something else. “Google has made it easier to move away from its password manager with a new ‘Delete all data’ option in the settings.” You should do that and move to a password manager fire-gapped from your browser.

Per TechRepublic, “today’s online landscape is fraught with many cyber threats, and only a dedicated password manager can offer advanced features like zero-knowledge encryption, cross-platform compatibility, travel mode, and secure password sharing.”

ForbesFBI Warns iPhone And Android Users—Do Not Share These TextsBy Zak Doffman

Android Authority explains the new update “prevents thieves who steal your phone from signing into accounts that aren’t already logged in. Unfortunately, Google Chrome on Android currently autofills passwords without any form of authentication.”

And so, if you are sticking with Google’s Password Manager, you should enable this when it releases. But if you want to better protect your passwords and accounts, take this opportunity to select a blue-chip password manager and move to that instead.