Google has unveiled a groundbreaking feature in its Chrome browser that allows users to automatically change compromised passwords using its built-in Password Manager. This new capability aims to enhance online security by simplifying the process of updating weak or compromised passwords, making it easier for users to maintain their account safety.

Key Takeaways

• Chrome can now automatically change compromised passwords on supported websites.

• The feature generates strong replacement passwords and updates them without user hassle.

• Users must give explicit consent before any password changes occur.

• This update is part of Google's ongoing efforts to improve online security and usability.

Automatic Password Changes

At the recent Google I/O 2025 developer conference, the tech giant announced that its Password Manager will now automatically detect compromised passwords during sign-in. When a weak password is identified, Chrome will prompt users with an option to fix it instantly. This feature is designed to reduce the friction often associated with changing passwords, which many users tend to procrastinate.

According to Google, the Password Manager will not only flag weak passwords but will also generate a strong replacement and update it automatically on supported websites. This means that users can say goodbye to the tedious process of navigating through account settings to change their passwords.

User Control and Consent

Despite the automation, Google emphasizes that user control remains paramount. The browser will not change any password without the user's explicit consent. Parisa Tabriz, Vice President and General Manager of Chrome, stated, "We’re very much focused on keeping the user in control of changing their password." This ensures that users can maintain oversight of their account security while benefiting from the convenience of automated updates.

Preparing for the Update

Website owners are encouraged to prepare for this new feature by implementing specific changes to their sites. To support the automatic password change functionality, developers should:

• Use autocomplete="current-password" and autocomplete="new-password" to facilitate autofill and storage.

• Set up a redirect from /.well-known/change-password to the password change form on their website.

These adjustments will help password managers navigate users directly to the change-password page when a compromised password is detected, streamlining the process further.

The Future of Password Management

This new feature is part of a broader trend in the tech industry towards improving password security. As companies like Microsoft shift towards passkeys as a more secure alternative, Google is also exploring ways to integrate these technologies into its services. However, Tabriz acknowledges that passwords will still be a part of the digital landscape for the foreseeable future, stating, "Many developers will still need to deal with passwords for at least the next few years."

In the meantime, Google is committed to making password management easier and more secure for users. The automatic password change feature is set to roll out later this year, and developers are being urged to prepare their websites accordingly. This initiative not only aims to enhance user security but also to create a smoother, more secure online experience for everyone.

As cyber threats become increasingly sophisticated, your security strategy must evolve to keep pace. BetterWorld Technology offers adaptive cybersecurity solutions that grow with the threat landscape, helping your business stay secure while continuing to innovate. Reach out today to schedule your personalized consultation.

Sources

• Chrome now auto-repairs compromised passwords​, Cybernews.

• Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager, The Hacker News.

• Google Chrome will now automatically change your bad passwords, just like 1234 and done, India Today.

• Chrome to Auto-Update Weak Passwords with One Click, Says Google, The Hans India.

• Google Chrome will be able to automatically change your bad passwords, The Verge.