Although not mentioned in the release notes, in Brave Version 1.58.124 Stable (Chromium: 117.0.5938.62), it’s now possible to require Windows Hello authentication (PIN, biometrics, etc.) before Brave allows logging into a website with a saved password.
The setting can be found at the following path:
Brave settings > Autofill and passwords > Password Manager > Settings > Use Windows Hello when filling passwords
Use Windows Hello when filling passwords
If you share this device with others, you can turn on Windows Hello to verify that it’s you whenever you use a saved password
Requiring Windows Hello authentication before filling passwords will prevent someone (I.E. a friend/relative/co-worker) from just clicking on a website’s username/password field and logging straight in as you without any authentication.
It’s currently not as configurable as Microsoft Edge, where Edge allows setting it to either ask for Windows Hello authentication every single time (Always ask permission), or only ask once per browsing session (Ask permission once per browsing session). Brave just uses the latter (Ask permission once per browsing session) setting – meaning after authenticating with Windows Hello, it won’t ask for Windows Hello authentication again until the browser has been closed.