At Google I/O 2025, Google unveiled a significant enhancement to Chrome’s built-in Password Manager: the ability to automatically update compromised or weak passwords. This feature aims to streamline password management and bolster user security by reducing the friction associated with manual password changes.
Key Features of the Chrome Password Manager Upgrade
1. Automatic Password Replacement
When Chrome detects a compromised or weak password during sign-in, the Password Manager prompts the user with an option to fix it automatically. On supported websites, Chrome can generate a strong replacement password and update it without requiring manual intervention.
2. User Consent and Control
Despite the automation, user consent remains paramount. Chrome will always prompt users before making any password changes, ensuring that users retain control over their credentials.
3. Developer Integration
To facilitate this feature, Google encourages website developers to implement specific standards:
Use
autocomplete="current-password"andautocomplete="new-password"attributes to enable autofill and storage.Set up a redirect from
yourdomain.com/.well-known/change-passwordto the password change form on their website.
Availability
The automatic password update feature is set to roll out later in 2025. Initially, it will support a limited number of websites, with plans to expand as more sites adopt the necessary standards.
