Latest Cyber Security News

You are here: Home / General Cyber Security News / Google Chrome Can Now Auto-Change Compromised Passwords Using Its Built-In Manager
May 21, 2025

Google has announced a new feature in its Chrome browser that lets its built-in Password Manager automatically change a user’s password when it detects the credentials to be compromised.

“When Chrome detects a compromised password during sign in, Google Password Manager prompts the user with an option to fix it automatically,” Google’s Ashima Arora, Chirag Desai, and Eiji Kitamura said. “On supported websites, Chrome can generate a strong replacement and update the password for the user automatically.”

The feature builds upon Password Manager’s existing capabilities to generate strong passwords during sign-up and flag credentials that have been detected in a data breach.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


With the automated password change, Google said the idea is to reduce friction and help users keep their accounts secure without having to search for relevant account settings or abandon the process midway.

Website owners can support this feature by adopting the following methods –

  • Use autocomplete=”current-password” and autocomplete=”new-password” to trigger autofill and storage
  • Set up a redirect from <your-website-domain>/.well-known/change-password to the password change form on their website

Cybersecurity

“It would be much easier if password managers could navigate the user directly to the change-password URL,” Kitamura said. “This is where a well-known URL for changing passwords becomes useful.”

“By reserving a well-known URL path that redirects the user to the change password page, the website can easily redirect users to the right place to change their passwords.”

The development comes as companies are increasingly shifting to passkeys as a stronger alternative to protect accounts from potential takeover attacks. Earlier this month, Microsoft said it’s making passkeys the default method when signing up for new customer accounts.

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.


Some parts of this article are sourced from:
thehackernews.com

Reader Interactions

Leave a Reply

Your email address will not be published. Required fields are marked *