Google Chrome previews feature to instantly change compromised passwords

Google Chrome has announced a feature for its built-in password manager that it claims will let users instantly change passwords compromised in data breaches. Google Password Manager already alerts you when your credentials have appeared in a data breach, and partially automates the process of changing your password, but — until now — you still had to go through the steps manually for each of your online accounts.

The Automated Password Change feature, announced at today’s Google I/O keynote presentation, goes a step farther. It will apparently let you generate a new password and substitute it for the old one with a single click, without ever seeing a “Create New Password” page. The feature only works on participating websites. Google is currently in talks with developers to expand the range of sites that will support one-click password changes, with plans for a full rollout later in 2025.

Automated Password Change was discovered as far back as February by eagle-eyed software diggers, but was limited to the early developer-only builds made public as Chrome Canary. At that time, it was located in the “AI Innovations” settings menu, though it’s not yet clear how AI figures in the process.

This feature builds on password health functionality that Google has been steadily incorporating into Chrome since it released the Password Checkup extension in 2019, recognizing that compromised credentials are a common vector for cybercrime. People often reuse the same short, memorable password on multiple websites. If hackers steal a credential database from one weakly defended site and dump it on the dark web, other cybercriminals can try the leaked usernames and passwords on more secure sites — like online banks and cash apps — until one fits.

The best way to prevent this is to use a password manager to generate and save a different strong password for every account you make, even ones you don’t think will handle sensitive information. If you haven’t done this, the second-best prevention is to monitor password data breaches and immediately change any password that gets leaked. If Automated Password Change works as advertised, it’ll make that crisis response a lot more convenient.