Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager

May 21, 2025Ravie LakshmananData Breach / Account Security

Google has introduced a new feature in Chrome that enables the built-in Password Manager to automatically change a user’s password upon detecting compromised credentials.

\”When Chrome identifies a compromised password during sign-in, Google Password Manager offers the user the option to automatically resolve it,\” stated Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura explained. \”On supported websites, Chrome can generate a strong replacement password and update it automatically for the user.\”

This feature enhances the capabilities of the Password Manager by generating strong passwords during registration and flagging credentials that have been compromised in a data breach.

With the automated password change feature, Google aims to streamline the process and help users secure their accounts without the need to navigate through account settings or abandon the procedure midway.

Website owners can facilitate this feature by implementing the following methods:

• Utilize autocomplete=\”current-password\” and autocomplete=\”new-password\” to trigger autofill and storage
• Establish a redirect from <your-website-domain>/.well-known/change-password to the password change form on their website

\”It would be much easier if password managers could redirect users directly to the change-password URL,\” Kitamura suggested. \”This is where a well-known URL for changing passwords becomes useful.\”

\”By setting up a well-known URL path that directs users to the password change page, websites can effortlessly guide users to the appropriate location to change their passwords.\”

This advancement comes as companies are increasingly adopting passkeys as a more robust method to safeguard accounts against potential takeover attacks. Recently, Microsoft announced that passkeys will be the default method for new customer account registrations.