Google Chrome Can Now Automatically Change Your Compromised Passwords


Google is enhancing online security with a new automated password-changing feature in Chrome, aimed at keeping user accounts safer with less effort. When Chrome’s built-in Password Manager detects a compromised password during sign-in, it will now prompt users with the option to automatically fix and update the password, without needing to manually navigate account settings.

How the Feature Works

According to Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura, Chrome users will receive a prompt if a saved password is found in a known data breach. On supported websites, users can then opt for Chrome to:

  • Generate a strong new password
  • Automatically update the password for the account

This capability builds on existing Password Manager features like suggesting secure passwords at sign-up and flagging leaked credentials.

The goal is to minimize friction during the password update process, making it easier for users to stay secure without dropping off halfway through a manual password change.

How Websites Can Support It

To enable Chrome’s auto-change functionality, website owners can take two key steps:

  1. Use the following HTML attributes:
    • autocomplete="current-password"
    • autocomplete="new-password"
  2. Implement a well-known URL redirect:
    • Redirect https://<your-domain>/.well-known/change-password to your site’s password change page.

“It would be much easier if password managers could navigate the user directly to the change-password URL,” said Google engineer Eiji Kitamura.

This setup ensures that password managers like Chrome can reliably guide users to the correct interface for updating their login details.
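
The two steps above can be checked before deployment. The following is an added example, not Google's or Chrome's code: it inspects a change-password form's markup for the two autocomplete values and validates a recorded response from the well-known URL. The function names, the sample markup, and the HTTPS and redirect-loop checks are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

WELL_KNOWN = "/.well-known/change-password"
REDIRECT_CODES = {301, 302, 303, 307, 308}  # standard HTTP redirect statuses
PW_TOKENS = {"current-password", "new-password"}

# Constructed sample markup (not from any real site).
GOOD_FORM = '''<form method="post" action="/account/password">
  <input type="password" name="old" autocomplete="current-password">
  <input type="password" name="new" autocomplete="new-password">
</form>'''
BAD_FORM = '''<form method="post">
  <input type="password" name="old" autocomplete="off">
  <input type="password" name="new">
</form>'''

class PasswordFields(HTMLParser):
    """Collect the autocomplete tokens of every <input type="password">."""
    def __init__(self):
        super().__init__()
        self.fields = []  # one token set per password input
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "input" and a.get("type", "").lower() == "password":
            self.fields.append(set(a.get("autocomplete", "").lower().split()))

def audit_form(html):
    """Return findings for a change-password form's markup."""
    parser = PasswordFields()
    parser.feed(html)
    findings = [f'no password input with autocomplete="{t}"'
                for t in sorted(PW_TOKENS) if not any(t in f for f in parser.fields)]
    untagged = sum(1 for f in parser.fields if not f & PW_TOKENS)
    if untagged:
        findings.append(f"{untagged} password input(s) lack a password autocomplete token")
    return findings

def audit_redirect(origin, status, headers):
    """Check a recorded response to GET <origin>/.well-known/change-password."""
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if status not in REDIRECT_CODES or not location:
        return None, [f"{WELL_KNOWN} answered {status} without a redirect"]
    target = urljoin(origin + WELL_KNOWN, location)  # resolve relative Location
    findings = []
    if urlsplit(target).scheme != "https":
        findings.append(f"redirect target is not HTTPS: {target}")
    if urlsplit(target).path == WELL_KNOWN:
        findings.append("redirect points back at the well-known URL")
    return target, findings
```

Feed audit_redirect the status and headers captured from a request that does not follow redirects, and review the returned target to confirm it is the site's password change page.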

Part of a Larger Shift Toward Passwordless Security

This feature comes as tech companies continue shifting toward passkeys and passwordless login systems to further reduce risk. For example, Microsoft recently announced that passkeys will become the default sign-in method for new customer accounts.

Google’s Chrome update shows a clear move toward simplifying cybersecurity for users, automating routine but essential tasks to keep accounts protected in an increasingly digital world.