187/68 Friday, May 23, 2025

Google has introduced a new feature in the Chrome browser that allows its built-in password manager to automatically change user passwords when they are found to be compromised in a data breach. According to Google engineers Ashima Arora, Chirag Desai, and Eiji Kitamura, when Chrome detects that a password has been breached during a login process, users will receive a prompt with an option to let Chrome automatically change the password. On supported websites, Chrome can generate a strong new password and update it automatically.
This feature builds upon existing capabilities of Google Password Manager, which already generates secure passwords and alerts users when credentials are found in known data leaks. The new auto-change feature aims to streamline the recovery process, addressing common user obstacles such as locating the password reset page, thereby enhancing security with minimal friction.
Website owners who want to support this feature can implement it by using the attributes autocomplete="current-password" and autocomplete="new-password" in password fields. Additionally, they should set up a redirect from <your-website-domain>/.well-known/change-password to their actual password change page. This allows password managers to navigate users directly to the appropriate form, improving both security and user experience.
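As an added illustration (not code from Google or the source article), the following Node.js request handler sketches the site-side setup described above: a redirect from /.well-known/change-password and a form carrying the two autocomplete hints. The path /account/password, the field names, and the choice of a 302 redirect are assumptions made for the example.

```javascript
// Added example: the paths and markup below are assumptions, not a real site's.
const CHANGE_PASSWORD_PATH = '/account/password'; // hypothetical location of the real form

// The form uses the autocomplete hints so a password manager can tell the
// existing credential from the replacement (and from its confirmation field).
const CHANGE_PASSWORD_FORM = `<!doctype html>
<form method="post" action="${CHANGE_PASSWORD_PATH}">
  <input type="text" name="username" autocomplete="username">
  <input type="password" name="current" autocomplete="current-password" required>
  <input type="password" name="new" autocomplete="new-password" required>
  <input type="password" name="confirm" autocomplete="new-password" required>
  <button type="submit">Change password</button>
</form>`;

// Pure routing step: returns {status, headers, body} for a method and URL.
// Handling the POST (session check, CSRF token, password update) is
// application-specific and deliberately left out of this example.
function route(method, url) {
  const path = new URL(url, 'http://localhost').pathname; // drops any query string
  if (path === '/.well-known/change-password') {
    // Temporary redirect, so the form can move later without stale cached targets.
    return { status: 302, headers: { Location: CHANGE_PASSWORD_PATH }, body: '' };
  }
  if (path === CHANGE_PASSWORD_PATH && method === 'GET') {
    return {
      status: 200,
      headers: { 'Content-Type': 'text/html; charset=utf-8', 'Cache-Control': 'no-store' },
      body: CHANGE_PASSWORD_FORM,
    };
  }
  return { status: 404, headers: { 'Content-Type': 'text/plain' }, body: 'Not found' };
}

// Adapter with the (req, res) signature expected by Node's http.createServer().
function handler(req, res) {
  const { status, headers, body } = route(req.method, req.url);
  res.writeHead(status, headers);
  res.end(body);
}
```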
This update comes amid a growing trend toward Passkeys, a more secure and phishing-resistant authentication method. Recently, Microsoft announced that Passkeys are now the default sign-in method for new customer accounts, signaling a shift in how companies are approaching account security.
Source https://thehackernews.com/2025/05/google-chrome-can-now-auto-change.html